################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2025-11-14 09:14:07 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707766/; classtype:trojan-activity;sid:84570866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707765/; classtype:trojan-activity;sid:84570865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.51.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707763/; classtype:trojan-activity;sid:84570863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.1.26.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707762/; classtype:trojan-activity;sid:84570862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.28.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707761/; classtype:trojan-activity;sid:84570861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.35.78.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707760/; classtype:trojan-activity;sid:84570860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707756)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"162.83.157.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707756/; classtype:trojan-activity;sid:84570856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.122.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707755/; classtype:trojan-activity;sid:84570855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.227.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707753/; classtype:trojan-activity;sid:84570853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.254.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707754/; classtype:trojan-activity;sid:84570854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.201.25.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707752/; classtype:trojan-activity;sid:84570852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707751/; classtype:trojan-activity;sid:84570851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.125.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707750/; classtype:trojan-activity;sid:84570850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.39.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707748/; classtype:trojan-activity;sid:84570848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707747/; classtype:trojan-activity;sid:84570847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.49.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707746/; classtype:trojan-activity;sid:84570846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707745)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/pzap5ci.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707745/; classtype:trojan-activity;sid:84570845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.24.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707744/; classtype:trojan-activity;sid:84570844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.134.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707743/; classtype:trojan-activity;sid:84570843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707742/; classtype:trojan-activity;sid:84570842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.104.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707741/; classtype:trojan-activity;sid:84570841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.115.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707740/; classtype:trojan-activity;sid:84570840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707739/; classtype:trojan-activity;sid:84570839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.214.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707737/; classtype:trojan-activity;sid:84570837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.48.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707736/; classtype:trojan-activity;sid:84570836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.141.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707735/; classtype:trojan-activity;sid:84570835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.104.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707734/; classtype:trojan-activity;sid:84570834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.125.128.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707733/; classtype:trojan-activity;sid:84570833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.49.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707732/; classtype:trojan-activity;sid:84570832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.115.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707731/; classtype:trojan-activity;sid:84570831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707730/; classtype:trojan-activity;sid:84570830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.141.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707729/; classtype:trojan-activity;sid:84570829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.125.128.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707728/; classtype:trojan-activity;sid:84570828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707726/; classtype:trojan-activity;sid:84570826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707719)"; flow:established,from_client; content:"GET"; http_method; content:"/j1sp7110.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyuw8.lat"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707719/; classtype:trojan-activity;sid:84570819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707720)"; flow:established,from_client; content:"GET"; http_method; content:"/tv-garden_ver_12.03.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tv-garden-new15.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707720/; classtype:trojan-activity;sid:84570820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707718)"; flow:established,from_client; content:"GET"; http_method; content:"/tv-garden_ver_12.03.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tv-garden-new16.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707718/; classtype:trojan-activity;sid:84570818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707717)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tikpro18prem.sbs"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707717/; classtype:trojan-activity;sid:84570817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707714)"; flow:established,from_client; content:"GET"; http_method; content:"/installing/party_highlights_2025.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"silverglassinstaller.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707714/; classtype:trojan-activity;sid:84570814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707715)"; flow:established,from_client; content:"GET"; http_method; content:"/msteamssetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"3la6ol.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707715/; classtype:trojan-activity;sid:84570815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=g4181x|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; http_uri; depth:165; isdataat:!1,relative; nocase; content:"freshpitaclub.screenconnect.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707713/; classtype:trojan-activity;sid:84570813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707712)"; flow:established,from_client; content:"GET"; http_method; content:"/com.movseek.app_release1.0.1.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"movseek.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707712/; classtype:trojan-activity;sid:84570812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707711)"; flow:established,from_client; content:"GET"; http_method; content:"/skyrim/copy/skyrimsetup.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"skyrim-specialedition-download-free-togetherreborn.pages.dev"; http_host; depth:60; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707711/; classtype:trojan-activity;sid:84570811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707709)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/1win.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"1win-android.help"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707709/; classtype:trojan-activity;sid:84570809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707710)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/1cs-app-v-1.2.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ak47financialservices.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707710/; classtype:trojan-activity;sid:84570810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707707)"; flow:established,from_client; content:"GET"; http_method; content:"/safevision.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kameradoma1.store"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707707/; classtype:trojan-activity;sid:84570807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707708)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/431d379b-7a6a-4cd1-812f-769a6f8e5622/remittance%20advice.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"store9.gofile.io"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707708/; classtype:trojan-activity;sid:84570808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707703)"; flow:established,from_client; content:"GET"; http_method; content:"/static/file/kankan_kk360setup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"asjdkaskjwecmeitu01.top"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707703/; classtype:trojan-activity;sid:84570803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707704)"; flow:established,from_client; content:"GET"; http_method; content:"/onsko%20wznawia%c4%87.apk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"onskplaymrket.live"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707704/; classtype:trojan-activity;sid:84570804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707705)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/starjoker88.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"starvina.cfd"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707705/; classtype:trojan-activity;sid:84570805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707706/; classtype:trojan-activity;sid:84570806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707700)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/digislot_1.0.0.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"digislotsr.lat"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707700/; classtype:trojan-activity;sid:84570800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707702)"; flow:established,from_client; content:"GET"; http_method; content:"/pclient.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gic-sn.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707702/; classtype:trojan-activity;sid:84570802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707697)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707697/; classtype:trojan-activity;sid:84570797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707698)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/cici303_1.0.0.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cici303now.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707698/; classtype:trojan-activity;sid:84570798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf_vm.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707699/; classtype:trojan-activity;sid:84570799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707696)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/bojek567_1.1.5.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"citra567latih.site"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707696/; classtype:trojan-activity;sid:84570796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707695)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"59.97.180.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707695/; classtype:trojan-activity;sid:84570795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707691)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/49evsjr.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707691/; classtype:trojan-activity;sid:84570791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.194.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707692/; classtype:trojan-activity;sid:84570792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707693)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/bojek567_1.1.5.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"citra567santai.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707693/; classtype:trojan-activity;sid:84570793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.243.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707685/; classtype:trojan-activity;sid:84570785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707683/; classtype:trojan-activity;sid:84570783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.48.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707681/; classtype:trojan-activity;sid:84570781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.194.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707682/; classtype:trojan-activity;sid:84570782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.156.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707660/; classtype:trojan-activity;sid:84570760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.243.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707659/; classtype:trojan-activity;sid:84570759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.184.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707658/; classtype:trojan-activity;sid:84570758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.34.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707656/; classtype:trojan-activity;sid:84570756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.206.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707657/; classtype:trojan-activity;sid:84570757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.181.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707655/; classtype:trojan-activity;sid:84570755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.156.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707653/; classtype:trojan-activity;sid:84570753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.123.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707652/; classtype:trojan-activity;sid:84570752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.184.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707651/; classtype:trojan-activity;sid:84570751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.19.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707650/; classtype:trojan-activity;sid:84570750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.24.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707649/; classtype:trojan-activity;sid:84570749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.6.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707648/; classtype:trojan-activity;sid:84570748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707647/; classtype:trojan-activity;sid:84570747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.227.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707646/; classtype:trojan-activity;sid:84570746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707644/; classtype:trojan-activity;sid:84570744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.100.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707643/; classtype:trojan-activity;sid:84570743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.6.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707642/; classtype:trojan-activity;sid:84570742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707641/; classtype:trojan-activity;sid:84570741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.95.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707640/; classtype:trojan-activity;sid:84570740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.196.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707639/; classtype:trojan-activity;sid:84570739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.63.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707638/; classtype:trojan-activity;sid:84570738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.227.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707637/; classtype:trojan-activity;sid:84570737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.93.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707635/; classtype:trojan-activity;sid:84570735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.85.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707634/; classtype:trojan-activity;sid:84570734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.174.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707633/; classtype:trojan-activity;sid:84570733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.201.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707632/; classtype:trojan-activity;sid:84570732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.157.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707630/; classtype:trojan-activity;sid:84570730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.27.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707628/; classtype:trojan-activity;sid:84570728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.85.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707629/; classtype:trojan-activity;sid:84570729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.81.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707627/; classtype:trojan-activity;sid:84570727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.201.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707624/; classtype:trojan-activity;sid:84570724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.17.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707625/; classtype:trojan-activity;sid:84570725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.243.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707623/; classtype:trojan-activity;sid:84570723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.157.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707622/; classtype:trojan-activity;sid:84570722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.122.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707621/; classtype:trojan-activity;sid:84570721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.27.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707620/; classtype:trojan-activity;sid:84570720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.214.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707619/; classtype:trojan-activity;sid:84570719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.13.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707617/; classtype:trojan-activity;sid:84570717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.81.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707615/; classtype:trojan-activity;sid:84570715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707611/; classtype:trojan-activity;sid:84570711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.134.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707609/; classtype:trojan-activity;sid:84570709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707610/; classtype:trojan-activity;sid:84570710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707608/; classtype:trojan-activity;sid:84570708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.252.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707607/; classtype:trojan-activity;sid:84570707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.252.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707606/; classtype:trojan-activity;sid:84570706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707224)"; flow:established,from_client; content:"GET"; http_method; content:"/merged.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zora-unhappy-allie.ngrok-free.dev"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707224/; classtype:trojan-activity;sid:84570324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704914/; classtype:trojan-activity;sid:84568014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.56.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704913/; classtype:trojan-activity;sid:84568013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.28.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704912/; classtype:trojan-activity;sid:84568012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.122.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704911/; classtype:trojan-activity;sid:84568011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.178.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704909/; classtype:trojan-activity;sid:84568009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704908)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6526700278/ghzl9l2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704908/; classtype:trojan-activity;sid:84568008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.28.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704906/; classtype:trojan-activity;sid:84568006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.252.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704905/; classtype:trojan-activity;sid:84568005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.122.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704903/; classtype:trojan-activity;sid:84568003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.115.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704902/; classtype:trojan-activity;sid:84568002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704901)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6736376409/1v3jhap.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704901/; classtype:trojan-activity;sid:84568001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.70.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704900/; classtype:trojan-activity;sid:84568000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.94.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704899/; classtype:trojan-activity;sid:84567999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.169.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704897/; classtype:trojan-activity;sid:84567997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.200.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704896/; classtype:trojan-activity;sid:84567996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.167.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704894/; classtype:trojan-activity;sid:84567994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704892)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704892/; classtype:trojan-activity;sid:84567992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704893)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704893/; classtype:trojan-activity;sid:84567993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.70.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704891/; classtype:trojan-activity;sid:84567991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.100.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704888/; classtype:trojan-activity;sid:84567988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.200.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704887/; classtype:trojan-activity;sid:84567987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704886)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/osddjnj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704886/; classtype:trojan-activity;sid:84567986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.199.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704885/; classtype:trojan-activity;sid:84567985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.231.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704882/; classtype:trojan-activity;sid:84567982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704881/; classtype:trojan-activity;sid:84567981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.53.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704880/; classtype:trojan-activity;sid:84567980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.31.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704879/; classtype:trojan-activity;sid:84567979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.74.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704878/; classtype:trojan-activity;sid:84567978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.53.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704877/; classtype:trojan-activity;sid:84567977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.44.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704875/; classtype:trojan-activity;sid:84567975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.231.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704876/; classtype:trojan-activity;sid:84567976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.238.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704874/; classtype:trojan-activity;sid:84567974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.74.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704873/; classtype:trojan-activity;sid:84567973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.238.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704869/; classtype:trojan-activity;sid:84567969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.44.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704870/; classtype:trojan-activity;sid:84567970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.68.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704868/; classtype:trojan-activity;sid:84567968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.36.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704865/; classtype:trojan-activity;sid:84567965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.214.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704864/; classtype:trojan-activity;sid:84567964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.36.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704863/; classtype:trojan-activity;sid:84567963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.14.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704859/; classtype:trojan-activity;sid:84567959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704858)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704858/; classtype:trojan-activity;sid:84567958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704856)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704856/; classtype:trojan-activity;sid:84567956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704857)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704857/; classtype:trojan-activity;sid:84567957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704854)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704854/; classtype:trojan-activity;sid:84567954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704855)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704855/; classtype:trojan-activity;sid:84567955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704849)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704849/; classtype:trojan-activity;sid:84567949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704850)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704850/; classtype:trojan-activity;sid:84567950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704851)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704851/; classtype:trojan-activity;sid:84567951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704852)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704852/; classtype:trojan-activity;sid:84567952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704853)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.255.209.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704853/; classtype:trojan-activity;sid:84567953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.116.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704848/; classtype:trojan-activity;sid:84567948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.227.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704847/; classtype:trojan-activity;sid:84567947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.76.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704845/; classtype:trojan-activity;sid:84567945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.111.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704844/; classtype:trojan-activity;sid:84567944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704843/; classtype:trojan-activity;sid:84567943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704842)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6437444697/cie2zkz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704842/; classtype:trojan-activity;sid:84567942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.116.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704841/; classtype:trojan-activity;sid:84567941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704839)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8471326122/kan6gr5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704839/; classtype:trojan-activity;sid:84567939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704837)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/lj5iwxn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704837/; classtype:trojan-activity;sid:84567937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704834)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5222311384/5ugxsdo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704834/; classtype:trojan-activity;sid:84567934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704835)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/zibamzm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704835/; classtype:trojan-activity;sid:84567935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704836)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6589084083/mca4srr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704836/; classtype:trojan-activity;sid:84567936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.194.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704832/; classtype:trojan-activity;sid:84567932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3704831/; classtype:trojan-activity;sid:84567931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.197.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704830/; classtype:trojan-activity;sid:84567930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.109.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704829/; classtype:trojan-activity;sid:84567929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.76.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704828/; classtype:trojan-activity;sid:84567928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.19.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704827/; classtype:trojan-activity;sid:84567927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704826)"; flow:established,from_client; content:"GET"; http_method; content:"/4owp6w4n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.acornhollow.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704826/; classtype:trojan-activity;sid:84567926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.3.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704825/; classtype:trojan-activity;sid:84567925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.109.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704824/; classtype:trojan-activity;sid:84567924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704823/; classtype:trojan-activity;sid:84567923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.183.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704822/; classtype:trojan-activity;sid:84567922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704821)"; flow:established,from_client; content:"GET"; http_method; content:"/tyyocdpv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moos.ivyvale.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704821/; classtype:trojan-activity;sid:84567921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704820/; classtype:trojan-activity;sid:84567920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.197.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704819/; classtype:trojan-activity;sid:84567919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.224.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704818/; classtype:trojan-activity;sid:84567918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.3.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704817/; classtype:trojan-activity;sid:84567917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.224.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704816/; classtype:trojan-activity;sid:84567916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.13.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704815/; classtype:trojan-activity;sid:84567915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.217.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704814/; classtype:trojan-activity;sid:84567914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.153.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704813/; classtype:trojan-activity;sid:84567913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.224.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704812/; classtype:trojan-activity;sid:84567912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.138.113.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704811/; classtype:trojan-activity;sid:84567911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.25.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704810/; classtype:trojan-activity;sid:84567910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.17.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704809/; classtype:trojan-activity;sid:84567909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.41.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704808/; classtype:trojan-activity;sid:84567908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704807/; classtype:trojan-activity;sid:84567907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.138.113.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704806/; classtype:trojan-activity;sid:84567906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.134.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704805/; classtype:trojan-activity;sid:84567905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.153.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704804/; classtype:trojan-activity;sid:84567904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704803)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704803/; classtype:trojan-activity;sid:84567903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704792)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704792/; classtype:trojan-activity;sid:84567892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704793)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/o.xml"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704793/; classtype:trojan-activity;sid:84567893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704794)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704794/; classtype:trojan-activity;sid:84567894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704795)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704795/; classtype:trojan-activity;sid:84567895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704796)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704796/; classtype:trojan-activity;sid:84567896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704797)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704797/; classtype:trojan-activity;sid:84567897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704798)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704798/; classtype:trojan-activity;sid:84567898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704799)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704799/; classtype:trojan-activity;sid:84567899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704800)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704800/; classtype:trojan-activity;sid:84567900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704801)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704801/; classtype:trojan-activity;sid:84567901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704802)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704802/; classtype:trojan-activity;sid:84567902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704786)"; flow:established,from_client; content:"GET"; http_method; content:"/2.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704786/; classtype:trojan-activity;sid:84567886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704787)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704787/; classtype:trojan-activity;sid:84567887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704788)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704788/; classtype:trojan-activity;sid:84567888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704789)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704789/; classtype:trojan-activity;sid:84567889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704790)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704790/; classtype:trojan-activity;sid:84567890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704791)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704791/; classtype:trojan-activity;sid:84567891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704785)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704785/; classtype:trojan-activity;sid:84567885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704784)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"41.216.189.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704784/; classtype:trojan-activity;sid:84567884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704783/; classtype:trojan-activity;sid:84567883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.208.158.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704782/; classtype:trojan-activity;sid:84567882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.25.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704781/; classtype:trojan-activity;sid:84567881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704780)"; flow:established,from_client; content:"GET"; http_method; content:"/4m6fnbi0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stahl.goldtalon.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704780/; classtype:trojan-activity;sid:84567880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.47.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704779/; classtype:trojan-activity;sid:84567879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.223.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704778/; classtype:trojan-activity;sid:84567878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.134.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704777/; classtype:trojan-activity;sid:84567877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.4.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704776/; classtype:trojan-activity;sid:84567876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704775/; classtype:trojan-activity;sid:84567875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.115.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704774/; classtype:trojan-activity;sid:84567874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704773)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6437444697/hgkgl9m.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704773/; classtype:trojan-activity;sid:84567873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.40.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704772/; classtype:trojan-activity;sid:84567872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.69.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704770/; classtype:trojan-activity;sid:84567870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.223.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704771/; classtype:trojan-activity;sid:84567871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.170.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704769/; classtype:trojan-activity;sid:84567869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.199.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704768/; classtype:trojan-activity;sid:84567868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.104.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704767/; classtype:trojan-activity;sid:84567867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704766)"; flow:established,from_client; content:"GET"; http_method; content:"/ioc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704766/; classtype:trojan-activity;sid:84567866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.115.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704765/; classtype:trojan-activity;sid:84567865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704764/; classtype:trojan-activity;sid:84567864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.119.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704763/; classtype:trojan-activity;sid:84567863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.86.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704762/; classtype:trojan-activity;sid:84567862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.180.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704761/; classtype:trojan-activity;sid:84567861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.193.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704760/; classtype:trojan-activity;sid:84567860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704759)"; flow:established,from_client; content:"GET"; http_method; content:"/b1s073we"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stern.brinewald.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704759/; classtype:trojan-activity;sid:84567859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.72.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704758/; classtype:trojan-activity;sid:84567858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.13.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704757/; classtype:trojan-activity;sid:84567857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.79.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704756/; classtype:trojan-activity;sid:84567856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.70.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704755/; classtype:trojan-activity;sid:84567855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.199.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704754/; classtype:trojan-activity;sid:84567854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.117.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704753/; classtype:trojan-activity;sid:84567853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704752)"; flow:established,from_client; content:"GET"; http_method; content:"/j1egc9j4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.brinewald.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704752/; classtype:trojan-activity;sid:84567852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.244.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704751/; classtype:trojan-activity;sid:84567851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.239.192.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704750/; classtype:trojan-activity;sid:84567850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704749)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/bof.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"centaurustermas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704749/; classtype:trojan-activity;sid:84567849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704748)"; flow:established,from_client; content:"GET"; http_method; content:"/4nnjson.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.iconconsultants.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704748/; classtype:trojan-activity;sid:84567848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704747)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"centaurustermas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704747/; classtype:trojan-activity;sid:84567847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704745/; classtype:trojan-activity;sid:84567845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704746/; classtype:trojan-activity;sid:84567846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704739/; classtype:trojan-activity;sid:84567839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.35.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704740/; classtype:trojan-activity;sid:84567840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.24.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704741/; classtype:trojan-activity;sid:84567841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.105.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704742/; classtype:trojan-activity;sid:84567842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704743/; classtype:trojan-activity;sid:84567843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.56.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704744/; classtype:trojan-activity;sid:84567844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.53.106.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704735/; classtype:trojan-activity;sid:84567835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704736)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.157.106.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704736/; classtype:trojan-activity;sid:84567836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704737/; classtype:trojan-activity;sid:84567837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.126.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704738/; classtype:trojan-activity;sid:84567838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704734)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.59.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704734/; classtype:trojan-activity;sid:84567834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704733)"; flow:established,from_client; content:"GET"; http_method; content:"/0k5k5mzy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hafen.brinewald.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704733/; classtype:trojan-activity;sid:84567833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.72.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704732/; classtype:trojan-activity;sid:84567832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704731/; classtype:trojan-activity;sid:84567831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.13.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704730/; classtype:trojan-activity;sid:84567830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.125.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704729/; classtype:trojan-activity;sid:84567829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.214.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704728/; classtype:trojan-activity;sid:84567828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.242.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704727/; classtype:trojan-activity;sid:84567827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704726)"; flow:established,from_client; content:"GET"; http_method; content:"/woeeeavd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dorn.slatefalke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704726/; classtype:trojan-activity;sid:84567826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.111.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704725/; classtype:trojan-activity;sid:84567825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.253.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704724/; classtype:trojan-activity;sid:84567824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.244.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704723/; classtype:trojan-activity;sid:84567823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.161.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704722/; classtype:trojan-activity;sid:84567822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704721)"; flow:established,from_client; content:"GET"; http_method; content:"/d1xoggz4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"blitz.elmfalter.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704721/; classtype:trojan-activity;sid:84567821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704720)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8471326122/kan6gr5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704720/; classtype:trojan-activity;sid:84567820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704719/; classtype:trojan-activity;sid:84567819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704718/; classtype:trojan-activity;sid:84567818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.89.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704717/; classtype:trojan-activity;sid:84567817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704716)"; flow:established,from_client; content:"GET"; http_method; content:"/aautzr1p8a/tcrond"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"90.156.218.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704716/; classtype:trojan-activity;sid:84567816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704713)"; flow:established,from_client; content:"GET"; http_method; content:"/zpjgbeevph/x522"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"90.156.218.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704713/; classtype:trojan-activity;sid:84567813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704714)"; flow:established,from_client; content:"GET"; http_method; content:"/pbp2n7vsdg/x521"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"90.156.218.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704714/; classtype:trojan-activity;sid:84567814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704715)"; flow:established,from_client; content:"GET"; http_method; content:"/vky0b4j9k3/x640"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"90.156.218.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704715/; classtype:trojan-activity;sid:84567815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.30.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704712/; classtype:trojan-activity;sid:84567812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.161.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704711/; classtype:trojan-activity;sid:84567811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.116.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704710/; classtype:trojan-activity;sid:84567810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.227.128.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704709/; classtype:trojan-activity;sid:84567809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.59.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704708/; classtype:trojan-activity;sid:84567808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704707/; classtype:trojan-activity;sid:84567807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.93.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704706/; classtype:trojan-activity;sid:84567806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704705)"; flow:established,from_client; content:"GET"; http_method; content:"/vrbjvsus"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"klee.walnutsteg.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704705/; classtype:trojan-activity;sid:84567805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704704/; classtype:trojan-activity;sid:84567804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.210.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704703/; classtype:trojan-activity;sid:84567803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.116.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704702/; classtype:trojan-activity;sid:84567802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.231.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704701/; classtype:trojan-activity;sid:84567801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704700)"; flow:established,from_client; content:"GET"; http_method; content:"/hjxokeqh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rune.walnutsteg.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704700/; classtype:trojan-activity;sid:84567800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704699/; classtype:trojan-activity;sid:84567799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.69.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704698/; classtype:trojan-activity;sid:84567798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704697)"; flow:established,from_client; content:"GET"; http_method; content:"/2km2br1h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bach.walnutsteg.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704697/; classtype:trojan-activity;sid:84567797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.59.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704696/; classtype:trojan-activity;sid:84567796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.30.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704695/; classtype:trojan-activity;sid:84567795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.231.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704694/; classtype:trojan-activity;sid:84567794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.28.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704693/; classtype:trojan-activity;sid:84567793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.107.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704692/; classtype:trojan-activity;sid:84567792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704691/; classtype:trojan-activity;sid:84567791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704690)"; flow:established,from_client; content:"GET"; http_method; content:"/qtat6le0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"licht.oryxbucht.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704690/; classtype:trojan-activity;sid:84567790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704689/; classtype:trojan-activity;sid:84567789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704687)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704687/; classtype:trojan-activity;sid:84567787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704688)"; flow:established,from_client; content:"GET"; http_method; content:"/3el9r9p6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nebel.eiderquelle.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704688/; classtype:trojan-activity;sid:84567788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704686)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704686/; classtype:trojan-activity;sid:84567786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704672)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704672/; classtype:trojan-activity;sid:84567772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704673)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704673/; classtype:trojan-activity;sid:84567773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704674)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704674/; classtype:trojan-activity;sid:84567774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704675)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704675/; classtype:trojan-activity;sid:84567775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704676)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704676/; classtype:trojan-activity;sid:84567776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704677)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704677/; classtype:trojan-activity;sid:84567777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704678)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704678/; classtype:trojan-activity;sid:84567778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704679)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704679/; classtype:trojan-activity;sid:84567779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704680)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704680/; classtype:trojan-activity;sid:84567780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704681)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704681/; classtype:trojan-activity;sid:84567781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704682)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704682/; classtype:trojan-activity;sid:84567782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704683)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704683/; classtype:trojan-activity;sid:84567783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704684)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7553285948/7eio0wu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704684/; classtype:trojan-activity;sid:84567784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704685)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"154.6.197.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704685/; classtype:trojan-activity;sid:84567785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704671)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704671/; classtype:trojan-activity;sid:84567771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.41.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704670/; classtype:trojan-activity;sid:84567770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704663)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704663/; classtype:trojan-activity;sid:84567763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704664)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704664/; classtype:trojan-activity;sid:84567764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704665)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704665/; classtype:trojan-activity;sid:84567765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704666)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704666/; classtype:trojan-activity;sid:84567766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704667)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704667/; classtype:trojan-activity;sid:84567767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704668)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704668/; classtype:trojan-activity;sid:84567768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704669)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704669/; classtype:trojan-activity;sid:84567769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704655)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704655/; classtype:trojan-activity;sid:84567755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704656)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704656/; classtype:trojan-activity;sid:84567756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704657)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704657/; classtype:trojan-activity;sid:84567757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704658)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704658/; classtype:trojan-activity;sid:84567758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704659)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704659/; classtype:trojan-activity;sid:84567759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704660)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704660/; classtype:trojan-activity;sid:84567760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704661)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704661/; classtype:trojan-activity;sid:84567761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704662)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.133.73.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704662/; classtype:trojan-activity;sid:84567762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704640)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704640/; classtype:trojan-activity;sid:84567740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704641)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704641/; classtype:trojan-activity;sid:84567741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704642)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704642/; classtype:trojan-activity;sid:84567742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704643)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704643/; classtype:trojan-activity;sid:84567743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704644)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704644/; classtype:trojan-activity;sid:84567744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704645)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704645/; classtype:trojan-activity;sid:84567745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704646)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704646/; classtype:trojan-activity;sid:84567746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704647)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704647/; classtype:trojan-activity;sid:84567747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704648)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704648/; classtype:trojan-activity;sid:84567748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704649)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704649/; classtype:trojan-activity;sid:84567749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704650)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704650/; classtype:trojan-activity;sid:84567750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704651)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704651/; classtype:trojan-activity;sid:84567751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704652)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704652/; classtype:trojan-activity;sid:84567752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704653)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704653/; classtype:trojan-activity;sid:84567753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704654)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704654/; classtype:trojan-activity;sid:84567754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704639)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"2.56.179.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704639/; classtype:trojan-activity;sid:84567739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704638)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.mipsel"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704638/; classtype:trojan-activity;sid:84567738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704637)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.x86_64"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704637/; classtype:trojan-activity;sid:84567737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704629)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.sh"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704629/; classtype:trojan-activity;sid:84567729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704630)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.arm64"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704630/; classtype:trojan-activity;sid:84567730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704631)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.mips"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704631/; classtype:trojan-activity;sid:84567731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704632)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.i686"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704632/; classtype:trojan-activity;sid:84567732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704633)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704633/; classtype:trojan-activity;sid:84567733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704634)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.arm7"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704634/; classtype:trojan-activity;sid:84567734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704635)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.arm4"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704635/; classtype:trojan-activity;sid:84567735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704636)"; flow:established,from_client; content:"GET"; http_method; content:"/a/fucktheamericanpeople.arm5"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"85.90.245.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704636/; classtype:trojan-activity;sid:84567736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704628)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.60.102.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704628/; classtype:trojan-activity;sid:84567728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704622)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.246.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704622/; classtype:trojan-activity;sid:84567722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704623)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.48.123.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704623/; classtype:trojan-activity;sid:84567723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704624)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.55.60.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704624/; classtype:trojan-activity;sid:84567724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704625)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.233.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704625/; classtype:trojan-activity;sid:84567725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704626)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.53.39.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704626/; classtype:trojan-activity;sid:84567726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704627)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.148.5.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704627/; classtype:trojan-activity;sid:84567727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704620)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.235.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704620/; classtype:trojan-activity;sid:84567720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704621)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.235.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704621/; classtype:trojan-activity;sid:84567721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704614)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.120.198.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704614/; classtype:trojan-activity;sid:84567714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704615)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"206.237.12.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704615/; classtype:trojan-activity;sid:84567715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704616)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"4.201.220.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704616/; classtype:trojan-activity;sid:84567716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704617)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.215.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704617/; classtype:trojan-activity;sid:84567717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704618)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"137.220.194.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704618/; classtype:trojan-activity;sid:84567718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704619)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"125.122.97.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704619/; classtype:trojan-activity;sid:84567719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704613)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.200.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704613/; classtype:trojan-activity;sid:84567713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704612)"; flow:established,from_client; content:"GET"; http_method; content:"/68d043kc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glut.eiderquelle.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704612/; classtype:trojan-activity;sid:84567712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704611)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.152.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704611/; classtype:trojan-activity;sid:84567711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.151.169.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704605/; classtype:trojan-activity;sid:84567705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.44.233.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704606/; classtype:trojan-activity;sid:84567706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.127.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704607/; classtype:trojan-activity;sid:84567707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.245.115.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704608/; classtype:trojan-activity;sid:84567708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.62.138.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704609/; classtype:trojan-activity;sid:84567709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.245.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704610/; classtype:trojan-activity;sid:84567710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.94.33.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704599/; classtype:trojan-activity;sid:84567699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704600/; classtype:trojan-activity;sid:84567700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.116.57.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704601/; classtype:trojan-activity;sid:84567701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704602/; classtype:trojan-activity;sid:84567702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.105.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704603/; classtype:trojan-activity;sid:84567703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.192.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704604/; classtype:trojan-activity;sid:84567704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704598/; classtype:trojan-activity;sid:84567698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704597)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704597/; classtype:trojan-activity;sid:84567697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704596)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704596/; classtype:trojan-activity;sid:84567696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704595)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704595/; classtype:trojan-activity;sid:84567695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704594)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704594/; classtype:trojan-activity;sid:84567694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704593)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704593/; classtype:trojan-activity;sid:84567693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704585)"; flow:established,from_client; content:"GET"; http_method; content:"/httd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704585/; classtype:trojan-activity;sid:84567685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704586)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704586/; classtype:trojan-activity;sid:84567686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704587)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704587/; classtype:trojan-activity;sid:84567687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704588)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704588/; classtype:trojan-activity;sid:84567688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704589)"; flow:established,from_client; content:"GET"; http_method; content:"/jiedian"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704589/; classtype:trojan-activity;sid:84567689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704590)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704590/; classtype:trojan-activity;sid:84567690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704591)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704591/; classtype:trojan-activity;sid:84567691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704592)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704592/; classtype:trojan-activity;sid:84567692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704583)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704583/; classtype:trojan-activity;sid:84567683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704584)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704584/; classtype:trojan-activity;sid:84567684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704582)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704582/; classtype:trojan-activity;sid:84567682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704580)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704580/; classtype:trojan-activity;sid:84567680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704581)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704581/; classtype:trojan-activity;sid:84567681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704579)"; flow:established,from_client; content:"GET"; http_method; content:"/user.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39.97.229.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704579/; classtype:trojan-activity;sid:84567679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704578)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704578/; classtype:trojan-activity;sid:84567678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704575)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704575/; classtype:trojan-activity;sid:84567675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704576)"; flow:established,from_client; content:"GET"; http_method; content:"/x32"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704576/; classtype:trojan-activity;sid:84567676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704577)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704577/; classtype:trojan-activity;sid:84567677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704567)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704567/; classtype:trojan-activity;sid:84567667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704568)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704568/; classtype:trojan-activity;sid:84567668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704569)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704569/; classtype:trojan-activity;sid:84567669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704570)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704570/; classtype:trojan-activity;sid:84567670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704571)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704571/; classtype:trojan-activity;sid:84567671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704572)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704572/; classtype:trojan-activity;sid:84567672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704573/; classtype:trojan-activity;sid:84567673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704574)"; flow:established,from_client; content:"GET"; http_method; content:"/milan.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.6.197.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704574/; classtype:trojan-activity;sid:84567674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704566)"; flow:established,from_client; content:"GET"; http_method; content:"/0jnlxly3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.eiderquelle.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704566/; classtype:trojan-activity;sid:84567666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.90.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704565/; classtype:trojan-activity;sid:84567665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.50.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704564/; classtype:trojan-activity;sid:84567664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704563/; classtype:trojan-activity;sid:84567663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.194.158.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704562/; classtype:trojan-activity;sid:84567662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.208.202.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704561/; classtype:trojan-activity;sid:84567661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704551/; classtype:trojan-activity;sid:84567651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704552/; classtype:trojan-activity;sid:84567652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704553/; classtype:trojan-activity;sid:84567653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704554/; classtype:trojan-activity;sid:84567654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704555/; classtype:trojan-activity;sid:84567655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704556/; classtype:trojan-activity;sid:84567656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704557/; classtype:trojan-activity;sid:84567657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704558/; classtype:trojan-activity;sid:84567658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704559/; classtype:trojan-activity;sid:84567659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704560/; classtype:trojan-activity;sid:84567660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.53.21.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704550/; classtype:trojan-activity;sid:84567650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.154.181.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704549/; classtype:trojan-activity;sid:84567649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.armv7a"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704545/; classtype:trojan-activity;sid:84567645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704546/; classtype:trojan-activity;sid:84567646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.78.182.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704547/; classtype:trojan-activity;sid:84567647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.152.225.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704548/; classtype:trojan-activity;sid:84567648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704536)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704536/; classtype:trojan-activity;sid:84567636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704537/; classtype:trojan-activity;sid:84567637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704538/; classtype:trojan-activity;sid:84567638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704539/; classtype:trojan-activity;sid:84567639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704540/; classtype:trojan-activity;sid:84567640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704541/; classtype:trojan-activity;sid:84567641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704542/; classtype:trojan-activity;sid:84567642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704543/; classtype:trojan-activity;sid:84567643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.armv7a"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"2.192.102.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704544/; classtype:trojan-activity;sid:84567644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704534)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.178.210.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704534/; classtype:trojan-activity;sid:84567634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.178.210.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704535/; classtype:trojan-activity;sid:84567635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704533)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.147.201.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704533/; classtype:trojan-activity;sid:84567633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704529)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.237.250.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704529/; classtype:trojan-activity;sid:84567629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704530)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.147.201.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704530/; classtype:trojan-activity;sid:84567630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704531)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.147.201.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704531/; classtype:trojan-activity;sid:84567631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704532)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.147.201.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704532/; classtype:trojan-activity;sid:84567632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.80.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704527/; classtype:trojan-activity;sid:84567627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704528)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704528/; classtype:trojan-activity;sid:84567628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704523/; classtype:trojan-activity;sid:84567623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.132.8.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704524/; classtype:trojan-activity;sid:84567624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.242.40.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704525/; classtype:trojan-activity;sid:84567625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.250.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704526/; classtype:trojan-activity;sid:84567626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.159.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704521/; classtype:trojan-activity;sid:84567621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.133.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704522/; classtype:trojan-activity;sid:84567622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704520)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.12.13.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704520/; classtype:trojan-activity;sid:84567620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704519)"; flow:established,from_client; content:"GET"; http_method; content:"/3i7zczv1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"harz.ferretpfad.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704519/; classtype:trojan-activity;sid:84567619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.243.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704518/; classtype:trojan-activity;sid:84567618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.159.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704517/; classtype:trojan-activity;sid:84567617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.107.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704516/; classtype:trojan-activity;sid:84567616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704515)"; flow:established,from_client; content:"GET"; http_method; content:"/hlv8480j"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"weiss.ferretpfad.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704515/; classtype:trojan-activity;sid:84567615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.84.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704514/; classtype:trojan-activity;sid:84567614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.48.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704513/; classtype:trojan-activity;sid:84567613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.193.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704512/; classtype:trojan-activity;sid:84567612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704511/; classtype:trojan-activity;sid:84567611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704510)"; flow:established,from_client; content:"GET"; http_method; content:"/files/946643047/ulwkqfg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704510/; classtype:trojan-activity;sid:84567610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.196.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704509/; classtype:trojan-activity;sid:84567609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704508)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5222311384/5ugxsdo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704508/; classtype:trojan-activity;sid:84567608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.159.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704507/; classtype:trojan-activity;sid:84567607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.140.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704506/; classtype:trojan-activity;sid:84567606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.26.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704505/; classtype:trojan-activity;sid:84567605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704504)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.129.230.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704504/; classtype:trojan-activity;sid:84567604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704503)"; flow:established,from_client; content:"GET"; http_method; content:"/saa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.129.230.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704503/; classtype:trojan-activity;sid:84567603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704502)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.129.230.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704502/; classtype:trojan-activity;sid:84567602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704500)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704500/; classtype:trojan-activity;sid:84567600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704501)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704501/; classtype:trojan-activity;sid:84567601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704499)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704499/; classtype:trojan-activity;sid:84567599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704498)"; flow:established,from_client; content:"GET"; http_method; content:"/bumqzm7r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kamm.knollhafen.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704498/; classtype:trojan-activity;sid:84567598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704491)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704491/; classtype:trojan-activity;sid:84567591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704492)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704492/; classtype:trojan-activity;sid:84567592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704493)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704493/; classtype:trojan-activity;sid:84567593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704494)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704494/; classtype:trojan-activity;sid:84567594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704495)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704495/; classtype:trojan-activity;sid:84567595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704496)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704496/; classtype:trojan-activity;sid:84567596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704497)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.58.247.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704497/; classtype:trojan-activity;sid:84567597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704490)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.208.158.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704490/; classtype:trojan-activity;sid:84567590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.196.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704489/; classtype:trojan-activity;sid:84567589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704487)"; flow:established,from_client; content:"GET"; http_method; content:"/files/remcos.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"18.230.45.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704487/; classtype:trojan-activity;sid:84567587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704488)"; flow:established,from_client; content:"GET"; http_method; content:"/files/class3.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"18.230.45.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704488/; classtype:trojan-activity;sid:84567588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704486)"; flow:established,from_client; content:"GET"; http_method; content:"/files/venum.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"18.230.45.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704486/; classtype:trojan-activity;sid:84567586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704484)"; flow:established,from_client; content:"GET"; http_method; content:"/files/entry.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"18.230.45.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704484/; classtype:trojan-activity;sid:84567584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704485)"; flow:established,from_client; content:"GET"; http_method; content:"/files/class1.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"18.230.45.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704485/; classtype:trojan-activity;sid:84567585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.159.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704483/; classtype:trojan-activity;sid:84567583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704482)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704482/; classtype:trojan-activity;sid:84567582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704481)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704481/; classtype:trojan-activity;sid:84567581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704480)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704480/; classtype:trojan-activity;sid:84567580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704479)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704479/; classtype:trojan-activity;sid:84567579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704478)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704478/; classtype:trojan-activity;sid:84567578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704477)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704477/; classtype:trojan-activity;sid:84567577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704476)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704476/; classtype:trojan-activity;sid:84567576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704475)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704475/; classtype:trojan-activity;sid:84567575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704471)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704471/; classtype:trojan-activity;sid:84567571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704472)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704472/; classtype:trojan-activity;sid:84567572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704473)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/voicemail/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704473/; classtype:trojan-activity;sid:84567573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704474)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"220.245.245.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704474/; classtype:trojan-activity;sid:84567574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704470)"; flow:established,from_client; content:"GET"; http_method; content:"/rv9ect94"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.knollhafen.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704470/; classtype:trojan-activity;sid:84567570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.48.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704469/; classtype:trojan-activity;sid:84567569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704468/; classtype:trojan-activity;sid:84567568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704467/; classtype:trojan-activity;sid:84567567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704466)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gaggimusic.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704466/; classtype:trojan-activity;sid:84567566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704465/; classtype:trojan-activity;sid:84567565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704463/; classtype:trojan-activity;sid:84567563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.77.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704464/; classtype:trojan-activity;sid:84567564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704462)"; flow:established,from_client; content:"GET"; http_method; content:"/wf7lic4h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fjord.knollhafen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704462/; classtype:trojan-activity;sid:84567562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.193.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704461/; classtype:trojan-activity;sid:84567561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.150.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704460/; classtype:trojan-activity;sid:84567560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704459)"; flow:established,from_client; content:"GET"; http_method; content:"/redlocker.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.k20nyubuypoku1t3oya.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704459/; classtype:trojan-activity;sid:84567559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704458)"; flow:established,from_client; content:"GET"; http_method; content:"/installer%20%281%29.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.k20nyubuypoku1t3oya.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704458/; classtype:trojan-activity;sid:84567558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704457)"; flow:established,from_client; content:"GET"; http_method; content:"/installer%20%281%29.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.120.165.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704457/; classtype:trojan-activity;sid:84567557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704456/; classtype:trojan-activity;sid:84567556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704454)"; flow:established,from_client; content:"GET"; http_method; content:"/installer%20%281%29.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.fcb2g0dzvnyzd0tfwzb.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704454/; classtype:trojan-activity;sid:84567554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.83.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704455/; classtype:trojan-activity;sid:84567555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704452)"; flow:established,from_client; content:"GET"; http_method; content:"/redlocker.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.fcb2g0dzvnyzd0tfwzb.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704452/; classtype:trojan-activity;sid:84567552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704453)"; flow:established,from_client; content:"GET"; http_method; content:"/ic.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.k20nyubuypoku1t3oya.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704453/; classtype:trojan-activity;sid:84567553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704449)"; flow:established,from_client; content:"GET"; http_method; content:"/ic.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.165.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704449/; classtype:trojan-activity;sid:84567549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704450)"; flow:established,from_client; content:"GET"; http_method; content:"/redlocker.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.120.165.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704450/; classtype:trojan-activity;sid:84567550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704451)"; flow:established,from_client; content:"GET"; http_method; content:"/ic.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"www.fcb2g0dzvnyzd0tfwzb.duckdns.org"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704451/; classtype:trojan-activity;sid:84567551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704448)"; flow:established,from_client; content:"GET"; http_method; content:"/40jmrqw0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolke.sprigkompass.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704448/; classtype:trojan-activity;sid:84567548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704447)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.192.229.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704447/; classtype:trojan-activity;sid:84567547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704446)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.192.229.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704446/; classtype:trojan-activity;sid:84567546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704438)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.243.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704438/; classtype:trojan-activity;sid:84567538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.222.165.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704439/; classtype:trojan-activity;sid:84567539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704440)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"adeyqa.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704440/; classtype:trojan-activity;sid:84567540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.77.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704441/; classtype:trojan-activity;sid:84567541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.184.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704442/; classtype:trojan-activity;sid:84567542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.42.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704443/; classtype:trojan-activity;sid:84567543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.255.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704444/; classtype:trojan-activity;sid:84567544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.166.86.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704445/; classtype:trojan-activity;sid:84567545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704437)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.92.243.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704437/; classtype:trojan-activity;sid:84567537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704436)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"adeyqa.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704436/; classtype:trojan-activity;sid:84567536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704434)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.243.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704434/; classtype:trojan-activity;sid:84567534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704435)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"adeyqa.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704435/; classtype:trojan-activity;sid:84567535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704433)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"adeyqa.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704433/; classtype:trojan-activity;sid:84567533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704430)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.92.243.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704430/; classtype:trojan-activity;sid:84567530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704431)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.92.243.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704431/; classtype:trojan-activity;sid:84567531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704432)"; flow:established,from_client; content:"GET"; http_method; content:"/9jf4fd8sd/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"adeyqa.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704432/; classtype:trojan-activity;sid:84567532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704429)"; flow:established,from_client; content:"GET"; http_method; content:"/blackburn"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"abcdefg.ic0n1cvalley.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704429/; classtype:trojan-activity;sid:84567529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.112.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704428/; classtype:trojan-activity;sid:84567528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.83.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704422/; classtype:trojan-activity;sid:84567522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.63.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704423/; classtype:trojan-activity;sid:84567523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.86.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704424/; classtype:trojan-activity;sid:84567524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.222.165.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704425/; classtype:trojan-activity;sid:84567525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.225.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704426/; classtype:trojan-activity;sid:84567526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.122.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704427/; classtype:trojan-activity;sid:84567527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704421)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704421/; classtype:trojan-activity;sid:84567521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.210.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704418/; classtype:trojan-activity;sid:84567518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.42.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704419/; classtype:trojan-activity;sid:84567519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.255.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704420/; classtype:trojan-activity;sid:84567520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704417)"; flow:established,from_client; content:"GET"; http_method; content:"/vxu6mqzd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trace4.raven-flux.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704417/; classtype:trojan-activity;sid:84567517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704416)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.31.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704416/; classtype:trojan-activity;sid:84567516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704415)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.31.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704415/; classtype:trojan-activity;sid:84567515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704414)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.200.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704414/; classtype:trojan-activity;sid:84567514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704413)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.156.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704413/; classtype:trojan-activity;sid:84567513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704412)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.59.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704412/; classtype:trojan-activity;sid:84567512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704411)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.20.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704411/; classtype:trojan-activity;sid:84567511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704410)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.156.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704410/; classtype:trojan-activity;sid:84567510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704408)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704408/; classtype:trojan-activity;sid:84567508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704409)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704409/; classtype:trojan-activity;sid:84567509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704407)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.51.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704407/; classtype:trojan-activity;sid:84567507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704405)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.51.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704405/; classtype:trojan-activity;sid:84567505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.188.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704406/; classtype:trojan-activity;sid:84567506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704404)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.188.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704404/; classtype:trojan-activity;sid:84567504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.94.250.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704403/; classtype:trojan-activity;sid:84567503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704401)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.94.250.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704401/; classtype:trojan-activity;sid:84567501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704402)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.94.250.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704402/; classtype:trojan-activity;sid:84567502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704399)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.240.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704399/; classtype:trojan-activity;sid:84567499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704400)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.240.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704400/; classtype:trojan-activity;sid:84567500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704398)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.240.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704398/; classtype:trojan-activity;sid:84567498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704397)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.31.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704397/; classtype:trojan-activity;sid:84567497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704396)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.223.240.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704396/; classtype:trojan-activity;sid:84567496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704395)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.94.250.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704395/; classtype:trojan-activity;sid:84567495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704394)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.53.171.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704394/; classtype:trojan-activity;sid:84567494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704393)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.53.171.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704393/; classtype:trojan-activity;sid:84567493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704391)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.94.250.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704391/; classtype:trojan-activity;sid:84567491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704392)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.240.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704392/; classtype:trojan-activity;sid:84567492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704386)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.63.201.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704386/; classtype:trojan-activity;sid:84567486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704387)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.240.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704387/; classtype:trojan-activity;sid:84567487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704388)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.94.250.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704388/; classtype:trojan-activity;sid:84567488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704389)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.240.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704389/; classtype:trojan-activity;sid:84567489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704390)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.94.250.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704390/; classtype:trojan-activity;sid:84567490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704385)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.248.193.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704385/; classtype:trojan-activity;sid:84567485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704384)"; flow:established,from_client; content:"GET"; http_method; content:"/21svuxuo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spark6.raven-flux.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704384/; classtype:trojan-activity;sid:84567484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.225.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704383/; classtype:trojan-activity;sid:84567483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.210.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704382/; classtype:trojan-activity;sid:84567482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.0.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704381/; classtype:trojan-activity;sid:84567481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.221.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704380/; classtype:trojan-activity;sid:84567480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704379/; classtype:trojan-activity;sid:84567479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704378)"; flow:established,from_client; content:"GET"; http_method; content:"/nylo26yl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nt3e.nib-snap.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704378/; classtype:trojan-activity;sid:84567478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.30.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704377/; classtype:trojan-activity;sid:84567477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.239.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704375/; classtype:trojan-activity;sid:84567475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.245.35.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704376/; classtype:trojan-activity;sid:84567476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.145.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704373/; classtype:trojan-activity;sid:84567473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.227.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704374/; classtype:trojan-activity;sid:84567474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.242.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704372/; classtype:trojan-activity;sid:84567472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.47.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704367/; classtype:trojan-activity;sid:84567467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.135.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704368/; classtype:trojan-activity;sid:84567468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.37.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704369/; classtype:trojan-activity;sid:84567469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.244.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704370/; classtype:trojan-activity;sid:84567470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.14.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704371/; classtype:trojan-activity;sid:84567471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.150.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704365/; classtype:trojan-activity;sid:84567465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704366/; classtype:trojan-activity;sid:84567466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.163.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704362/; classtype:trojan-activity;sid:84567462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.115.102.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704363/; classtype:trojan-activity;sid:84567463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.196.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704364/; classtype:trojan-activity;sid:84567464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.173.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704361/; classtype:trojan-activity;sid:84567461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.115.102.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704360/; classtype:trojan-activity;sid:84567460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.213.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704359/; classtype:trojan-activity;sid:84567459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704358/; classtype:trojan-activity;sid:84567458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704357)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1313579977/y5pifkm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704357/; classtype:trojan-activity;sid:84567457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704356/; classtype:trojan-activity;sid:84567456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.79.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704355/; classtype:trojan-activity;sid:84567455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.155.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704354/; classtype:trojan-activity;sid:84567454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704353)"; flow:established,from_client; content:"GET"; http_method; content:"/zvbr7w7t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"blink.foamswitch.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704353/; classtype:trojan-activity;sid:84567453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.54.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704352/; classtype:trojan-activity;sid:84567452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.155.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704351/; classtype:trojan-activity;sid:84567451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704350)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.28.61.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704350/; classtype:trojan-activity;sid:84567450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.203.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704349/; classtype:trojan-activity;sid:84567449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704348/; classtype:trojan-activity;sid:84567448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.79.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704347/; classtype:trojan-activity;sid:84567447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.48.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704346/; classtype:trojan-activity;sid:84567446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.193.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704345/; classtype:trojan-activity;sid:84567445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.134.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704344/; classtype:trojan-activity;sid:84567444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.213.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704343/; classtype:trojan-activity;sid:84567443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.217.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704342/; classtype:trojan-activity;sid:84567442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.236.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704341/; classtype:trojan-activity;sid:84567441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.134.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704340/; classtype:trojan-activity;sid:84567440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.249.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704339/; classtype:trojan-activity;sid:84567439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.96.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704338/; classtype:trojan-activity;sid:84567438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.183.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704337/; classtype:trojan-activity;sid:84567437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704336/; classtype:trojan-activity;sid:84567436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.217.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704335/; classtype:trojan-activity;sid:84567435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.236.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704334/; classtype:trojan-activity;sid:84567434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704333)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1313579977/hjz9hho.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704333/; classtype:trojan-activity;sid:84567433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704332)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7048135242/r9xctxh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704332/; classtype:trojan-activity;sid:84567432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.17.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704331/; classtype:trojan-activity;sid:84567431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.34.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704330/; classtype:trojan-activity;sid:84567430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704329)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704329/; classtype:trojan-activity;sid:84567429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704326)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704326/; classtype:trojan-activity;sid:84567426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704327)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704327/; classtype:trojan-activity;sid:84567427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704328)"; flow:established,from_client; content:"GET"; http_method; content:"/sep"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704328/; classtype:trojan-activity;sid:84567428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704321)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704321/; classtype:trojan-activity;sid:84567421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704322)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704322/; classtype:trojan-activity;sid:84567422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704323)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704323/; classtype:trojan-activity;sid:84567423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704324)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704324/; classtype:trojan-activity;sid:84567424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704325)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704325/; classtype:trojan-activity;sid:84567425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704318)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704318/; classtype:trojan-activity;sid:84567418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704319)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704319/; classtype:trojan-activity;sid:84567419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704320)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704320/; classtype:trojan-activity;sid:84567420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.86.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704317/; classtype:trojan-activity;sid:84567417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704316/; classtype:trojan-activity;sid:84567416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.245.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704315/; classtype:trojan-activity;sid:84567415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.69.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704313/; classtype:trojan-activity;sid:84567413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.183.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704314/; classtype:trojan-activity;sid:84567414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704312)"; flow:established,from_client; content:"GET"; http_method; content:"/oh09gflu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qcq8.pulse-knob.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704312/; classtype:trojan-activity;sid:84567412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704311)"; flow:established,from_client; content:"GET"; http_method; content:"/xr3qukql"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1yd0a.pulse-knob.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704311/; classtype:trojan-activity;sid:84567411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704310)"; flow:established,from_client; content:"GET"; http_method; content:"/pmrkb5mb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"quartz3.quartz-flip.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704310/; classtype:trojan-activity;sid:84567410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704309/; classtype:trojan-activity;sid:84567409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704308/; classtype:trojan-activity;sid:84567408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704307)"; flow:established,from_client; content:"GET"; http_method; content:"/rr29ijxx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vlr.quartz-flip.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704307/; classtype:trojan-activity;sid:84567407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704306)"; flow:established,from_client; content:"GET"; http_method; content:"/dwo877cu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hg.quartz-flip.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704306/; classtype:trojan-activity;sid:84567406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.138.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704305/; classtype:trojan-activity;sid:84567405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704304/; classtype:trojan-activity;sid:84567404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.58.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704303/; classtype:trojan-activity;sid:84567403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.65.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704302/; classtype:trojan-activity;sid:84567402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.255.129.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704301/; classtype:trojan-activity;sid:84567401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.96.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704299/; classtype:trojan-activity;sid:84567399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.48.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704300/; classtype:trojan-activity;sid:84567400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704298/; classtype:trojan-activity;sid:84567398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704297)"; flow:established,from_client; content:"GET"; http_method; content:"/cai8s25x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ctf.nibsnap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704297/; classtype:trojan-activity;sid:84567397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.7.192"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704296/; classtype:trojan-activity;sid:84567396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.169.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704295/; classtype:trojan-activity;sid:84567395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.43.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704294/; classtype:trojan-activity;sid:84567394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.200.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704293/; classtype:trojan-activity;sid:84567393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.48.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704292/; classtype:trojan-activity;sid:84567392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.193.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704291/; classtype:trojan-activity;sid:84567391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.7.192"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704290/; classtype:trojan-activity;sid:84567390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.86.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704289/; classtype:trojan-activity;sid:84567389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704288/; classtype:trojan-activity;sid:84567388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.104.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704287/; classtype:trojan-activity;sid:84567387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704286)"; flow:established,from_client; content:"GET"; http_method; content:"/r6is15vh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmzts.g0b1ncore.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704286/; classtype:trojan-activity;sid:84567386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.43.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704285/; classtype:trojan-activity;sid:84567385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.51.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704284/; classtype:trojan-activity;sid:84567384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704283)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704283/; classtype:trojan-activity;sid:84567383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704282)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704282/; classtype:trojan-activity;sid:84567382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704281)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21625_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704281/; classtype:trojan-activity;sid:84567381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704279)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704279/; classtype:trojan-activity;sid:84567379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704280)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22025_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704280/; classtype:trojan-activity;sid:84567380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704278)"; flow:established,from_client; content:"GET"; http_method; content:"/efm39.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pauselonger839em.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704278/; classtype:trojan-activity;sid:84567378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704276)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22225_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704276/; classtype:trojan-activity;sid:84567376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704277)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12525_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704277/; classtype:trojan-activity;sid:84567377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704275)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22225_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704275/; classtype:trojan-activity;sid:84567375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.168.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704274/; classtype:trojan-activity;sid:84567374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.211.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704273/; classtype:trojan-activity;sid:84567373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704272/; classtype:trojan-activity;sid:84567372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704271/; classtype:trojan-activity;sid:84567371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.36.188.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704270/; classtype:trojan-activity;sid:84567370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704269)"; flow:established,from_client; content:"GET"; http_method; content:"/m4ssox2e"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.zeromint.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704269/; classtype:trojan-activity;sid:84567369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.231.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704268/; classtype:trojan-activity;sid:84567368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704267)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/kyfcrpk.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704267/; classtype:trojan-activity;sid:84567367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704266)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/quabfwd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704266/; classtype:trojan-activity;sid:84567366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.235.201.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704265/; classtype:trojan-activity;sid:84567365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.211.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704264/; classtype:trojan-activity;sid:84567364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.55.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704263/; classtype:trojan-activity;sid:84567363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.95.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704262/; classtype:trojan-activity;sid:84567362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.93.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704261/; classtype:trojan-activity;sid:84567361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.168.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704260/; classtype:trojan-activity;sid:84567360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.221.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704259/; classtype:trojan-activity;sid:84567359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704258)"; flow:established,from_client; content:"GET"; http_method; content:"/ygc9bme8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1apde.zeromint.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704258/; classtype:trojan-activity;sid:84567358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704257)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.157.106.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704257/; classtype:trojan-activity;sid:84567357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.36.188.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704256/; classtype:trojan-activity;sid:84567356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704254)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.157.106.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704254/; classtype:trojan-activity;sid:84567354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.244.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704255/; classtype:trojan-activity;sid:84567355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.231.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704253/; classtype:trojan-activity;sid:84567353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.93.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704252/; classtype:trojan-activity;sid:84567352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.235.201.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704251/; classtype:trojan-activity;sid:84567351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704250)"; flow:established,from_client; content:"GET"; http_method; content:"/p64ofz3q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"flux3.t1nkerbay.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704250/; classtype:trojan-activity;sid:84567350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.94.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704249/; classtype:trojan-activity;sid:84567349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704248)"; flow:established,from_client; content:"GET"; http_method; content:"/kalyan786.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kb786matkaapp.store"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704248/; classtype:trojan-activity;sid:84567348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704247)"; flow:established,from_client; content:"GET"; http_method; content:"/tower%20tour%20bd.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"download.towertour.appleoffortune.xyz"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704247/; classtype:trojan-activity;sid:84567347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704246)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip/haozip_v6.5.2.11245.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"dl.2345.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704246/; classtype:trojan-activity;sid:84567346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704245)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/lotteryminer.iov1.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"lotteryminer-site.pages.dev"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704245/; classtype:trojan-activity;sid:84567345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704241)"; flow:established,from_client; content:"GET"; http_method; content:"/download/app"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"files.vk-plusing.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704241/; classtype:trojan-activity;sid:84567341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704242)"; flow:established,from_client; content:"GET"; http_method; content:"/app_upload/kingpe.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"kingpe.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704242/; classtype:trojan-activity;sid:84567342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704243)"; flow:established,from_client; content:"GET"; http_method; content:"/images/5/3.5.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"mt526-github-io.pages.dev"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704243/; classtype:trojan-activity;sid:84567343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704244)"; flow:established,from_client; content:"GET"; http_method; content:"/tv-garden_ver_12.03.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tv-garden-new4.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704244/; classtype:trojan-activity;sid:84567344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704237)"; flow:established,from_client; content:"GET"; http_method; content:"/app/foodlava.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"foodlava.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704237/; classtype:trojan-activity;sid:84567337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704238)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/acted.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"acted.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704238/; classtype:trojan-activity;sid:84567338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704239)"; flow:established,from_client; content:"GET"; http_method; content:"/alert-it.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"alertit.co.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704239/; classtype:trojan-activity;sid:84567339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704240)"; flow:established,from_client; content:"GET"; http_method; content:"/files/wexastealersrc.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fenorp.lol"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704240/; classtype:trojan-activity;sid:84567340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704236)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/cici303_1.0.0.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cici303now.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704236/; classtype:trojan-activity;sid:84567336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704235)"; flow:established,from_client; content:"GET"; http_method; content:"/1n9o8nl8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"loom.quartzflip.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704235/; classtype:trojan-activity;sid:84567335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704234)"; flow:established,from_client; content:"GET"; http_method; content:"/38fne.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pause8349ge.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704234/; classtype:trojan-activity;sid:84567334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704232)"; flow:established,from_client; content:"GET"; http_method; content:"/egn39.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eifpausee3.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704232/; classtype:trojan-activity;sid:84567332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/tfklxk1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704233/; classtype:trojan-activity;sid:84567333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.189.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704231/; classtype:trojan-activity;sid:84567331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.250.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704230/; classtype:trojan-activity;sid:84567330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.80.8.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704229/; classtype:trojan-activity;sid:84567329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.94.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704228/; classtype:trojan-activity;sid:84567328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.146.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704227/; classtype:trojan-activity;sid:84567327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.154.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704226/; classtype:trojan-activity;sid:84567326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.247.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704225/; classtype:trojan-activity;sid:84567325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.79.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704224/; classtype:trojan-activity;sid:84567324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.189.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704223/; classtype:trojan-activity;sid:84567323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.250.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704222/; classtype:trojan-activity;sid:84567322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.80.8.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704221/; classtype:trojan-activity;sid:84567321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.46.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704220/; classtype:trojan-activity;sid:84567320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704219)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704219/; classtype:trojan-activity;sid:84567319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704218)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704218/; classtype:trojan-activity;sid:84567318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704217)"; flow:established,from_client; content:"GET"; http_method; content:"/9upczjxz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pulse.shevypro.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704217/; classtype:trojan-activity;sid:84567317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.163.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704216/; classtype:trojan-activity;sid:84567316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.146.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704215/; classtype:trojan-activity;sid:84567315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.182.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704214/; classtype:trojan-activity;sid:84567314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.0.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704213/; classtype:trojan-activity;sid:84567313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.50.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704212/; classtype:trojan-activity;sid:84567312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.40.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704211/; classtype:trojan-activity;sid:84567311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.55.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704210/; classtype:trojan-activity;sid:84567310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.20.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704209/; classtype:trojan-activity;sid:84567309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704208/; classtype:trojan-activity;sid:84567308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704207/; classtype:trojan-activity;sid:84567307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.189.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704206/; classtype:trojan-activity;sid:84567306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.182.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704205/; classtype:trojan-activity;sid:84567305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.91.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704204/; classtype:trojan-activity;sid:84567304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.19.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704203/; classtype:trojan-activity;sid:84567303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.122.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704201/; classtype:trojan-activity;sid:84567301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.247.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704202/; classtype:trojan-activity;sid:84567302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.9.25.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704200/; classtype:trojan-activity;sid:84567300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.91.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704199/; classtype:trojan-activity;sid:84567299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.247.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704198/; classtype:trojan-activity;sid:84567298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.189.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704197/; classtype:trojan-activity;sid:84567297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.106.64.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704196/; classtype:trojan-activity;sid:84567296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704195/; classtype:trojan-activity;sid:84567295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704194)"; flow:established,from_client; content:"GET"; http_method; content:"/evxt6zvq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hover.trickilygrey.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704194/; classtype:trojan-activity;sid:84567294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.95.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704193/; classtype:trojan-activity;sid:84567293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.212.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704192/; classtype:trojan-activity;sid:84567292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.98.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704191/; classtype:trojan-activity;sid:84567291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.81.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704190/; classtype:trojan-activity;sid:84567290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704189/; classtype:trojan-activity;sid:84567289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704188)"; flow:established,from_client; content:"GET"; http_method; content:"/j129oi2x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"beacon6.trickilygrey.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704188/; classtype:trojan-activity;sid:84567288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704187)"; flow:established,from_client; content:"GET"; http_method; content:"/z0k6fyn8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"blink.trickilygrey.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704187/; classtype:trojan-activity;sid:84567287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704186)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8428202012/dyh4upe.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704186/; classtype:trojan-activity;sid:84567286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.228.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704185/; classtype:trojan-activity;sid:84567285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704184/; classtype:trojan-activity;sid:84567284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.162.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704183/; classtype:trojan-activity;sid:84567283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.84.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704182/; classtype:trojan-activity;sid:84567282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704180)"; flow:established,from_client; content:"GET"; http_method; content:"/q2h8mqavnqeokbiygj/mdvaztdngvdqfmavn6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"185.236.20.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704180/; classtype:trojan-activity;sid:84567280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704181)"; flow:established,from_client; content:"GET"; http_method; content:"/q2h8mqavnqeokbiygj/test.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.236.20.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704181/; classtype:trojan-activity;sid:84567281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.230.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704179/; classtype:trojan-activity;sid:84567279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.95.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704178/; classtype:trojan-activity;sid:84567278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704177/; classtype:trojan-activity;sid:84567277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.124.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704176/; classtype:trojan-activity;sid:84567276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704175/; classtype:trojan-activity;sid:84567275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.61.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704173/; classtype:trojan-activity;sid:84567273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.57.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704174/; classtype:trojan-activity;sid:84567274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704172)"; flow:established,from_client; content:"GET"; http_method; content:"/qdoixci9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"node3.trickilygrey.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704172/; classtype:trojan-activity;sid:84567272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.231.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704171/; classtype:trojan-activity;sid:84567271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.243.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704170/; classtype:trojan-activity;sid:84567270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704169/; classtype:trojan-activity;sid:84567269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.208.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704168/; classtype:trojan-activity;sid:84567268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.208.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704167/; classtype:trojan-activity;sid:84567267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.40.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704165/; classtype:trojan-activity;sid:84567265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.164.206.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704166/; classtype:trojan-activity;sid:84567266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.162.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704164/; classtype:trojan-activity;sid:84567264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704163)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704163/; classtype:trojan-activity;sid:84567263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.230.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704162/; classtype:trojan-activity;sid:84567262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.57.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704160/; classtype:trojan-activity;sid:84567260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704161/; classtype:trojan-activity;sid:84567261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704159)"; flow:established,from_client; content:"GET"; http_method; content:"/nmdwocccuo.dat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cdn-1415.venuspatronize.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704159/; classtype:trojan-activity;sid:84567259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704158)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/dev.msi"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704158/; classtype:trojan-activity;sid:84567258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704157/; classtype:trojan-activity;sid:84567257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.79.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704156/; classtype:trojan-activity;sid:84567256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704155)"; flow:established,from_client; content:"GET"; http_method; content:"/va6lx6tr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s5.inktrap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704155/; classtype:trojan-activity;sid:84567255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704154/; classtype:trojan-activity;sid:84567254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704153/; classtype:trojan-activity;sid:84567253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704152/; classtype:trojan-activity;sid:84567252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.209.187.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704150/; classtype:trojan-activity;sid:84567250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.79.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704151/; classtype:trojan-activity;sid:84567251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.160.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704149/; classtype:trojan-activity;sid:84567249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704148)"; flow:established,from_client; content:"GET"; http_method; content:"/2v29my06"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleam.inktrap.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704148/; classtype:trojan-activity;sid:84567248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704147)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.109.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704147/; classtype:trojan-activity;sid:84567247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704146)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.18.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704146/; classtype:trojan-activity;sid:84567246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704145)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.18.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704145/; classtype:trojan-activity;sid:84567245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704144)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704144/; classtype:trojan-activity;sid:84567244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704142)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704142/; classtype:trojan-activity;sid:84567242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704143)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.25.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704143/; classtype:trojan-activity;sid:84567243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704141)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.213.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704141/; classtype:trojan-activity;sid:84567241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704140)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704140/; classtype:trojan-activity;sid:84567240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704139)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704139/; classtype:trojan-activity;sid:84567239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704138)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.109.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704138/; classtype:trojan-activity;sid:84567238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704137)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.81.140.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704137/; classtype:trojan-activity;sid:84567237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704136)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.140.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704136/; classtype:trojan-activity;sid:84567236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704134)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.218.213.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704134/; classtype:trojan-activity;sid:84567234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704135)"; flow:established,from_client; content:"GET"; http_method; content:"/u/adobeacrobat.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704135/; classtype:trojan-activity;sid:84567235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704133)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.25.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704133/; classtype:trojan-activity;sid:84567233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704128)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.84.233.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704128/; classtype:trojan-activity;sid:84567228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704129)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.140.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704129/; classtype:trojan-activity;sid:84567229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704130)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.233.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704130/; classtype:trojan-activity;sid:84567230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704131)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.52.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704131/; classtype:trojan-activity;sid:84567231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704132)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.52.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704132/; classtype:trojan-activity;sid:84567232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704127)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/app/fire-kirin-for-android-2025.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"firekirinonline.download"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704127/; classtype:trojan-activity;sid:84567227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704126)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.28.109.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704126/; classtype:trojan-activity;sid:84567226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704123)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/av.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704123/; classtype:trojan-activity;sid:84567223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704124)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/02/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704124/; classtype:trojan-activity;sid:84567224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704125)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.72.124.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704125/; classtype:trojan-activity;sid:84567225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704121)"; flow:established,from_client; content:"GET"; http_method; content:"/guruji777.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"guruji777.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704121/; classtype:trojan-activity;sid:84567221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704122)"; flow:established,from_client; content:"GET"; http_method; content:"/adobereader.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704122/; classtype:trojan-activity;sid:84567222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704120)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704120/; classtype:trojan-activity;sid:84567220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704119)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704119/; classtype:trojan-activity;sid:84567219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704113)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704113/; classtype:trojan-activity;sid:84567213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704114)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.109.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704114/; classtype:trojan-activity;sid:84567214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704115)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.109.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704115/; classtype:trojan-activity;sid:84567215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704116)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704116/; classtype:trojan-activity;sid:84567216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704117)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/05/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704117/; classtype:trojan-activity;sid:84567217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704118)"; flow:established,from_client; content:"GET"; http_method; content:"/10/items/msi-pro-with-b-64_20251111/msi_pro_with_b64.png"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ia801409.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704118/; classtype:trojan-activity;sid:84567218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704110)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.109.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704110/; classtype:trojan-activity;sid:84567210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704111)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8446126312/xxxw42h.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704111/; classtype:trojan-activity;sid:84567211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704112)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704112/; classtype:trojan-activity;sid:84567212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704103)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704103/; classtype:trojan-activity;sid:84567203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704104)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.25.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704104/; classtype:trojan-activity;sid:84567204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704105)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"59.92.91.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704105/; classtype:trojan-activity;sid:84567205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704106)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704106/; classtype:trojan-activity;sid:84567206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704107)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.210.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704107/; classtype:trojan-activity;sid:84567207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704108)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/01/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704108/; classtype:trojan-activity;sid:84567208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704109)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tiktok18uzb.sbs"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704109/; classtype:trojan-activity;sid:84567209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704099)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.213.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704099/; classtype:trojan-activity;sid:84567199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704100)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704100/; classtype:trojan-activity;sid:84567200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704101)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704101/; classtype:trojan-activity;sid:84567201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704102)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704102/; classtype:trojan-activity;sid:84567202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704098)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704098/; classtype:trojan-activity;sid:84567198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704097)"; flow:established,from_client; content:"GET"; http_method; content:"/zu/windows/download.php"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zoom.girirajpaudel.com.np"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704097/; classtype:trojan-activity;sid:84567197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704096)"; flow:established,from_client; content:"GET"; http_method; content:"/94662bwboasgladnoubjjopdbyjsvrmuh_730l0aq0ubozdmk_e60w9csatjzhfwrmkdwkdqer3dvtvoftugw3wzbiskbj9gpephau0mmgimeisvrbpwjjewypcyejfrwertgaxzzguxde5amhzt2zscnmbmzs4dz5vtqwf4e4r-oa/aq7zclabpjvcm0i/5fy3ev37rn.exe"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"download856.mediafire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704096/; classtype:trojan-activity;sid:84567196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.91.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704095/; classtype:trojan-activity;sid:84567195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704093)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7553285948/amwx7cm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704093/; classtype:trojan-activity;sid:84567193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704094)"; flow:established,from_client; content:"GET"; http_method; content:"/qwertyplokmnbvcxzuiopasdfghjklrtyu/adobereader.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"thedeadcassettes.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704094/; classtype:trojan-activity;sid:84567194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.173.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704092/; classtype:trojan-activity;sid:84567192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704091)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/zaitnzz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704091/; classtype:trojan-activity;sid:84567191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704090/; classtype:trojan-activity;sid:84567190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.55.21.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704089/; classtype:trojan-activity;sid:84567189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704088/; classtype:trojan-activity;sid:84567188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704087)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.205.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704087/; classtype:trojan-activity;sid:84567187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.78.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704086/; classtype:trojan-activity;sid:84567186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704085)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704085/; classtype:trojan-activity;sid:84567185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.55.21.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704084/; classtype:trojan-activity;sid:84567184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.54.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704083/; classtype:trojan-activity;sid:84567183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.191.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704082/; classtype:trojan-activity;sid:84567182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.186.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704081/; classtype:trojan-activity;sid:84567181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.186.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704080/; classtype:trojan-activity;sid:84567180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.116.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704079/; classtype:trojan-activity;sid:84567179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.167.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704078/; classtype:trojan-activity;sid:84567178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.231.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704077/; classtype:trojan-activity;sid:84567177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704076)"; flow:established,from_client; content:"GET"; http_method; content:"/6f8ahf53"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mesh.papervolt.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704076/; classtype:trojan-activity;sid:84567176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.169.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704075/; classtype:trojan-activity;sid:84567175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.75.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704074/; classtype:trojan-activity;sid:84567174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.78.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704073/; classtype:trojan-activity;sid:84567173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.38.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704071/; classtype:trojan-activity;sid:84567171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704072/; classtype:trojan-activity;sid:84567172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.191.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704070/; classtype:trojan-activity;sid:84567170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.210.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704069/; classtype:trojan-activity;sid:84567169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.54.95.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704067/; classtype:trojan-activity;sid:84567167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.122.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704068/; classtype:trojan-activity;sid:84567168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.167.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704066/; classtype:trojan-activity;sid:84567166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704065/; classtype:trojan-activity;sid:84567165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.209.187.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704064/; classtype:trojan-activity;sid:84567164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.65.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704063/; classtype:trojan-activity;sid:84567163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.153.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704062/; classtype:trojan-activity;sid:84567162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704061)"; flow:established,from_client; content:"GET"; http_method; content:"/s4j4j1t6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"byte.jaxdrill.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704061/; classtype:trojan-activity;sid:84567161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704060)"; flow:established,from_client; content:"GET"; http_method; content:"/gmicnbax"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vale.zenith-snap.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704060/; classtype:trojan-activity;sid:84567160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.92.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704059/; classtype:trojan-activity;sid:84567159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704058)"; flow:established,from_client; content:"GET"; http_method; content:"/8rsosywc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rift.zenith-snap.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704058/; classtype:trojan-activity;sid:84567158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704057)"; flow:established,from_client; content:"GET"; http_method; content:"/2czt9iwb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"012.zenith-snap.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704057/; classtype:trojan-activity;sid:84567157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.200.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704056/; classtype:trojan-activity;sid:84567156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.10.66.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704055/; classtype:trojan-activity;sid:84567155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.17.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704054/; classtype:trojan-activity;sid:84567154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.38.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704053/; classtype:trojan-activity;sid:84567153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.51.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704052/; classtype:trojan-activity;sid:84567152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.79.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704051/; classtype:trojan-activity;sid:84567151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.146.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704047/; classtype:trojan-activity;sid:84567147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.178.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704048/; classtype:trojan-activity;sid:84567148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.146.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704049/; classtype:trojan-activity;sid:84567149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.129.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704050/; classtype:trojan-activity;sid:84567150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704046)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704046/; classtype:trojan-activity;sid:84567146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.244.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704044/; classtype:trojan-activity;sid:84567144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.122.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704045/; classtype:trojan-activity;sid:84567145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704043/; classtype:trojan-activity;sid:84567143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.147.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704042/; classtype:trojan-activity;sid:84567142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.93.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704041/; classtype:trojan-activity;sid:84567141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.147.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704040/; classtype:trojan-activity;sid:84567140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.244.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704039/; classtype:trojan-activity;sid:84567139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.56.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704038/; classtype:trojan-activity;sid:84567138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704037)"; flow:established,from_client; content:"GET"; http_method; content:"/kn53mlr7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nz.echozig.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704037/; classtype:trojan-activity;sid:84567137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704036/; classtype:trojan-activity;sid:84567136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.40.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704035/; classtype:trojan-activity;sid:84567135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.177.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704034/; classtype:trojan-activity;sid:84567134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.150.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704033/; classtype:trojan-activity;sid:84567133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.243.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704032/; classtype:trojan-activity;sid:84567132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.93.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704031/; classtype:trojan-activity;sid:84567131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704030/; classtype:trojan-activity;sid:84567130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704029)"; flow:established,from_client; content:"GET"; http_method; content:"/ol7khikw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grid6.wreckly.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704029/; classtype:trojan-activity;sid:84567129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704028)"; flow:established,from_client; content:"GET"; http_method; content:"/52qwailp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grid6.wreckly.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704028/; classtype:trojan-activity;sid:84567128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.243.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704027/; classtype:trojan-activity;sid:84567127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704026)"; flow:established,from_client; content:"GET"; http_method; content:"/6we5kzfz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7r.wreckly.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704026/; classtype:trojan-activity;sid:84567126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704025/; classtype:trojan-activity;sid:84567125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.77.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704024/; classtype:trojan-activity;sid:84567124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.231.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704023/; classtype:trojan-activity;sid:84567123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704022/; classtype:trojan-activity;sid:84567122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.255.129.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704021/; classtype:trojan-activity;sid:84567121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.160.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704020/; classtype:trojan-activity;sid:84567120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.105.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704019/; classtype:trojan-activity;sid:84567119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.42.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704018/; classtype:trojan-activity;sid:84567118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704017)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.222.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704017/; classtype:trojan-activity;sid:84567117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704016/; classtype:trojan-activity;sid:84567116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704015/; classtype:trojan-activity;sid:84567115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703999)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe3.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703999/; classtype:trojan-activity;sid:84567099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704000)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe4.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704000/; classtype:trojan-activity;sid:84567100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704001)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe11.johnsmith"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704001/; classtype:trojan-activity;sid:84567101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704002)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe7.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704002/; classtype:trojan-activity;sid:84567102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704003)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe9.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704003/; classtype:trojan-activity;sid:84567103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704004)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe10.johnsmith"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704004/; classtype:trojan-activity;sid:84567104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704005)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/hijacked/hidden"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704005/; classtype:trojan-activity;sid:84567105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704006)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe8.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704006/; classtype:trojan-activity;sid:84567106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704007)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe6.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704007/; classtype:trojan-activity;sid:84567107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704008)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/imagine/ohhellnawyoufoundme"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704008/; classtype:trojan-activity;sid:84567108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704009)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe12.johnsmith"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704009/; classtype:trojan-activity;sid:84567109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704010)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe1.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704010/; classtype:trojan-activity;sid:84567110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704011)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe5.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704011/; classtype:trojan-activity;sid:84567111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704012)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/tpfuckyoulink"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704012/; classtype:trojan-activity;sid:84567112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704013)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/tpfuckyoulink.sh"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704013/; classtype:trojan-activity;sid:84567113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704014)"; flow:established,from_client; content:"GET"; http_method; content:"/chuckfuck/woah/nignak/wewe2.johnsmith"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704014/; classtype:trojan-activity;sid:84567114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.208.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703998/; classtype:trojan-activity;sid:84567098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703997)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2020593187/ec8jqpr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703997/; classtype:trojan-activity;sid:84567097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.42.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703996/; classtype:trojan-activity;sid:84567096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.50.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703995/; classtype:trojan-activity;sid:84567095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703994/; classtype:trojan-activity;sid:84567094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703993/; classtype:trojan-activity;sid:84567093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.61.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703992/; classtype:trojan-activity;sid:84567092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.95.235.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703991/; classtype:trojan-activity;sid:84567091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703989/; classtype:trojan-activity;sid:84567089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.100.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703990/; classtype:trojan-activity;sid:84567090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703988)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe5.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703988/; classtype:trojan-activity;sid:84567088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703984)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe1.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703984/; classtype:trojan-activity;sid:84567084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703985)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe9.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703985/; classtype:trojan-activity;sid:84567085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703986)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe12.johnsmith"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703986/; classtype:trojan-activity;sid:84567086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703987)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe2.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703987/; classtype:trojan-activity;sid:84567087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703977)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe8.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703977/; classtype:trojan-activity;sid:84567077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703978)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe11.johnsmith"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703978/; classtype:trojan-activity;sid:84567078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703979)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe7.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703979/; classtype:trojan-activity;sid:84567079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703980)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe3.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703980/; classtype:trojan-activity;sid:84567080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703981)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe4.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703981/; classtype:trojan-activity;sid:84567081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703982)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe6.johnsmith"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703982/; classtype:trojan-activity;sid:84567082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703983)"; flow:established,from_client; content:"GET"; http_method; content:"/ohmygawdignoreme/wewe10.johnsmith"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"94.183.232.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703983/; classtype:trojan-activity;sid:84567083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703976/; classtype:trojan-activity;sid:84567076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.78.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703975/; classtype:trojan-activity;sid:84567075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.79.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703974/; classtype:trojan-activity;sid:84567074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.102.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3703973/; classtype:trojan-activity;sid:84567073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703972/; classtype:trojan-activity;sid:84567072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703971)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703971/; classtype:trojan-activity;sid:84567071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703970)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703970/; classtype:trojan-activity;sid:84567070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703967)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703967/; classtype:trojan-activity;sid:84567067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703968)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703968/; classtype:trojan-activity;sid:84567068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703969)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703969/; classtype:trojan-activity;sid:84567069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703961)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703961/; classtype:trojan-activity;sid:84567061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703962)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703962/; classtype:trojan-activity;sid:84567062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703963)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703963/; classtype:trojan-activity;sid:84567063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703964)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703964/; classtype:trojan-activity;sid:84567064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703965)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703965/; classtype:trojan-activity;sid:84567065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703966)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703966/; classtype:trojan-activity;sid:84567066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703960)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703960/; classtype:trojan-activity;sid:84567060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703956)"; flow:established,from_client; content:"GET"; http_method; content:"/router.draytek-rep.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703956/; classtype:trojan-activity;sid:84567056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703957)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.tvt-rep.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703957/; classtype:trojan-activity;sid:84567057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703958)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.lilin-rep.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703958/; classtype:trojan-activity;sid:84567058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703959)"; flow:established,from_client; content:"GET"; http_method; content:"/ipcam.goahead-rep.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703959/; classtype:trojan-activity;sid:84567059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703955)"; flow:established,from_client; content:"GET"; http_method; content:"/router.lblink-rep.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703955/; classtype:trojan-activity;sid:84567055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703954)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.jaws.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703954/; classtype:trojan-activity;sid:84567054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703953)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703953/; classtype:trojan-activity;sid:84567053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703949)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703949/; classtype:trojan-activity;sid:84567049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703950)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703950/; classtype:trojan-activity;sid:84567050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703951)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.jaws.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703951/; classtype:trojan-activity;sid:84567051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703952)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.153.ptr.pfcloud.network"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703952/; classtype:trojan-activity;sid:84567052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.81.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703948/; classtype:trojan-activity;sid:84567048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.78.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703947/; classtype:trojan-activity;sid:84567047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.56.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703946/; classtype:trojan-activity;sid:84567046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.46.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703945/; classtype:trojan-activity;sid:84567045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703944/; classtype:trojan-activity;sid:84567044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.225.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703943/; classtype:trojan-activity;sid:84567043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703942)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8438458984/surao4f.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703942/; classtype:trojan-activity;sid:84567042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703941/; classtype:trojan-activity;sid:84567041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703940/; classtype:trojan-activity;sid:84567040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.46.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703939/; classtype:trojan-activity;sid:84567039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703938)"; flow:established,from_client; content:"GET"; http_method; content:"/wwnjlnj1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ux.twist-nova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703938/; classtype:trojan-activity;sid:84567038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703937)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.160.56.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703937/; classtype:trojan-activity;sid:84567037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.225.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703936/; classtype:trojan-activity;sid:84567036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.11.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703935/; classtype:trojan-activity;sid:84567035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.126.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703934/; classtype:trojan-activity;sid:84567034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.34.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703933/; classtype:trojan-activity;sid:84567033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.3.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703932/; classtype:trojan-activity;sid:84567032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703931)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.137.250.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703931/; classtype:trojan-activity;sid:84567031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.35.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703930/; classtype:trojan-activity;sid:84567030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.191.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703929/; classtype:trojan-activity;sid:84567029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.129.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703928/; classtype:trojan-activity;sid:84567028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703927/; classtype:trojan-activity;sid:84567027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.120.56.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703926/; classtype:trojan-activity;sid:84567026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.126.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703925/; classtype:trojan-activity;sid:84567025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703924/; classtype:trojan-activity;sid:84567024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.208.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703923/; classtype:trojan-activity;sid:84567023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703922/; classtype:trojan-activity;sid:84567022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.225.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703921/; classtype:trojan-activity;sid:84567021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703920/; classtype:trojan-activity;sid:84567020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.177.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703919/; classtype:trojan-activity;sid:84567019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703918)"; flow:established,from_client; content:"GET"; http_method; content:"/4h3bzvb7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"loom.vorticeye.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703918/; classtype:trojan-activity;sid:84567018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703917/; classtype:trojan-activity;sid:84567017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703916/; classtype:trojan-activity;sid:84567016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703915/; classtype:trojan-activity;sid:84567015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703914)"; flow:established,from_client; content:"GET"; http_method; content:"/tnyfn4id"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"echo.vorticeye.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703914/; classtype:trojan-activity;sid:84567014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.47.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703913/; classtype:trojan-activity;sid:84567013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703912/; classtype:trojan-activity;sid:84567012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.47.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703911/; classtype:trojan-activity;sid:84567011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.47.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703910/; classtype:trojan-activity;sid:84567010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.241.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703909/; classtype:trojan-activity;sid:84567009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703908/; classtype:trojan-activity;sid:84567008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703907)"; flow:established,from_client; content:"GET"; http_method; content:"/qm5atb0u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"echo9.vorticeye.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703907/; classtype:trojan-activity;sid:84567007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.64.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703905/; classtype:trojan-activity;sid:84567005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.253.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703906/; classtype:trojan-activity;sid:84567006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.99.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703904/; classtype:trojan-activity;sid:84567004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703903/; classtype:trojan-activity;sid:84567003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703901/; classtype:trojan-activity;sid:84567001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.3.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703902/; classtype:trojan-activity;sid:84567002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703899/; classtype:trojan-activity;sid:84566999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703900/; classtype:trojan-activity;sid:84567000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.103.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703898/; classtype:trojan-activity;sid:84566998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703897)"; flow:established,from_client; content:"GET"; http_method; content:"/q5flocrt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nova1.st3elflare.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703897/; classtype:trojan-activity;sid:84566997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703896)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.227.244.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703896/; classtype:trojan-activity;sid:84566996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.64.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703895/; classtype:trojan-activity;sid:84566995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.40.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703894/; classtype:trojan-activity;sid:84566994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703893)"; flow:established,from_client; content:"GET"; http_method; content:"/cmh8msvh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vector.zenithsnap.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703893/; classtype:trojan-activity;sid:84566993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.133.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703892/; classtype:trojan-activity;sid:84566992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.40.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703891/; classtype:trojan-activity;sid:84566991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.225.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703890/; classtype:trojan-activity;sid:84566990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.234.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703889/; classtype:trojan-activity;sid:84566989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703888)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703888/; classtype:trojan-activity;sid:84566988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.40.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703887/; classtype:trojan-activity;sid:84566987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703886/; classtype:trojan-activity;sid:84566986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703885)"; flow:established,from_client; content:"GET"; http_method; content:"/xuib.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703885/; classtype:trojan-activity;sid:84566985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703884/; classtype:trojan-activity;sid:84566984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.50.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703883/; classtype:trojan-activity;sid:84566983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703882/; classtype:trojan-activity;sid:84566982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703881)"; flow:established,from_client; content:"GET"; http_method; content:"/emfmyxz1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lz3y.gl1tchgarden.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703881/; classtype:trojan-activity;sid:84566981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.234.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703880/; classtype:trojan-activity;sid:84566980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.218.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703878/; classtype:trojan-activity;sid:84566978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703879/; classtype:trojan-activity;sid:84566979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703877/; classtype:trojan-activity;sid:84566977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703876/; classtype:trojan-activity;sid:84566976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703875)"; flow:established,from_client; content:"GET"; http_method; content:"/yc0da8ow"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"l5sd.gl1tchgarden.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703875/; classtype:trojan-activity;sid:84566975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.48.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703874/; classtype:trojan-activity;sid:84566974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703873)"; flow:established,from_client; content:"GET"; http_method; content:"/gmrj34xy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8bg.bashglider.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703873/; classtype:trojan-activity;sid:84566973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.80.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703872/; classtype:trojan-activity;sid:84566972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703871)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7948739500/osrr1dz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703871/; classtype:trojan-activity;sid:84566971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.50.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703870/; classtype:trojan-activity;sid:84566970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.50.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703869/; classtype:trojan-activity;sid:84566969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.62.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703868/; classtype:trojan-activity;sid:84566968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.48.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703867/; classtype:trojan-activity;sid:84566967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703866)"; flow:established,from_client; content:"GET"; http_method; content:"/0jfecums"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zil.bashglider.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703866/; classtype:trojan-activity;sid:84566966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703865/; classtype:trojan-activity;sid:84566965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703864/; classtype:trojan-activity;sid:84566964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703863)"; flow:established,from_client; content:"GET"; http_method; content:"/zh2mh78i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kamm.starfiare.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703863/; classtype:trojan-activity;sid:84566963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.230.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703862/; classtype:trojan-activity;sid:84566962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.62.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703861/; classtype:trojan-activity;sid:84566961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.234.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703860/; classtype:trojan-activity;sid:84566960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.49.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703859/; classtype:trojan-activity;sid:84566959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703858)"; flow:established,from_client; content:"GET"; http_method; content:"/hnosqsh7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glow.starfiare.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703858/; classtype:trojan-activity;sid:84566958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703857)"; flow:established,from_client; content:"GET"; http_method; content:"/y5wh236v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"licht.cioudbr1nk.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703857/; classtype:trojan-activity;sid:84566957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.92.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703856/; classtype:trojan-activity;sid:84566956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703854)"; flow:established,from_client; content:"GET"; http_method; content:"/filea.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hostingdanfe.store"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703854/; classtype:trojan-activity;sid:84566954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703855)"; flow:established,from_client; content:"GET"; http_method; content:"/fileb.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hostingdanfe.store"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703855/; classtype:trojan-activity;sid:84566955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703853)"; flow:established,from_client; content:"GET"; http_method; content:"/39gne.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eiopause934.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703853/; classtype:trojan-activity;sid:84566953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.230.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703852/; classtype:trojan-activity;sid:84566952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.245.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703851/; classtype:trojan-activity;sid:84566951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.119.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703850/; classtype:trojan-activity;sid:84566950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.109.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703849/; classtype:trojan-activity;sid:84566949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703848)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.71.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703848/; classtype:trojan-activity;sid:84566948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.171.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703847/; classtype:trojan-activity;sid:84566947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.47.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703845/; classtype:trojan-activity;sid:84566945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703846)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/65dnqel.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703846/; classtype:trojan-activity;sid:84566946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703844)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5765596543/zf0zwq7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703844/; classtype:trojan-activity;sid:84566944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703843)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"2zoouumin.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703843/; classtype:trojan-activity;sid:84566943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703842)"; flow:established,from_client; content:"GET"; http_method; content:"/kamet1.wav"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.120.126.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703842/; classtype:trojan-activity;sid:84566942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703841)"; flow:established,from_client; content:"GET"; http_method; content:"/saraeco.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"saraeco.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703841/; classtype:trojan-activity;sid:84566941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703840)"; flow:established,from_client; content:"GET"; http_method; content:"/ct.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.253.249.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703840/; classtype:trojan-activity;sid:84566940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.109.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703839/; classtype:trojan-activity;sid:84566939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.78.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703838/; classtype:trojan-activity;sid:84566938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.78.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703836/; classtype:trojan-activity;sid:84566936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703837)"; flow:established,from_client; content:"GET"; http_method; content:"/page/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"2zoouunntoday.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703837/; classtype:trojan-activity;sid:84566937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703835)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.191.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703835/; classtype:trojan-activity;sid:84566935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703834)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jbnrdfg.sbs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703834/; classtype:trojan-activity;sid:84566934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703833)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc/app.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"halesmp.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703833/; classtype:trojan-activity;sid:84566933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703832)"; flow:established,from_client; content:"GET"; http_method; content:"/1122.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"195.10.205.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703832/; classtype:trojan-activity;sid:84566932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703828)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|qr=cp|7c|26|7c|zqs=7b316683d180dc6d4d0cff6c7363c521"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"api.easybugpixolanefreeapp.monster"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703828/; classtype:trojan-activity;sid:84566928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703829)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.78.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703829/; classtype:trojan-activity;sid:84566929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703830)"; flow:established,from_client; content:"GET"; http_method; content:"/us05web/secure/zoominvite/1mxw7mvr41xvk1rxjdue23edbmb6jadovzc77s/windows/download.php"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"virtual04access.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703830/; classtype:trojan-activity;sid:84566930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703831)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.160.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703831/; classtype:trojan-activity;sid:84566931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703811)"; flow:established,from_client; content:"GET"; http_method; content:"/fie93.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pausevi493.come"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703811/; classtype:trojan-activity;sid:84566911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703812)"; flow:established,from_client; content:"GET"; http_method; content:"/38f8e.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fmeoau3pause.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703812/; classtype:trojan-activity;sid:84566912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703813)"; flow:established,from_client; content:"GET"; http_method; content:"/enmgioe.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gmegpauseee.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703813/; classtype:trojan-activity;sid:84566913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703814)"; flow:established,from_client; content:"GET"; http_method; content:"/g949jg.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pausei49gm3.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703814/; classtype:trojan-activity;sid:84566914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703815)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/mkf8ugd.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703815/; classtype:trojan-activity;sid:84566915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703816)"; flow:established,from_client; content:"GET"; http_method; content:"/ef93.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fmeapau3se.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703816/; classtype:trojan-activity;sid:84566916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703817)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/vkjynog.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703817/; classtype:trojan-activity;sid:84566917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703818)"; flow:established,from_client; content:"GET"; http_method; content:"/83fe.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"emgpausef3.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703818/; classtype:trojan-activity;sid:84566918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703819)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/l7po3el.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703819/; classtype:trojan-activity;sid:84566919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703820)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/biotkwy.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703820/; classtype:trojan-activity;sid:84566920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703821)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/jvnlxnv.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703821/; classtype:trojan-activity;sid:84566921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703822)"; flow:established,from_client; content:"GET"; http_method; content:"/ei3x.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3pausecmeor.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703822/; classtype:trojan-activity;sid:84566922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703823)"; flow:established,from_client; content:"GET"; http_method; content:"/eig4.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"emgipause.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703823/; classtype:trojan-activity;sid:84566923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703824)"; flow:established,from_client; content:"GET"; http_method; content:"/gner9.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fierpausemg93.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703824/; classtype:trojan-activity;sid:84566924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703825)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8438458984/ucxx7tp.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703825/; classtype:trojan-activity;sid:84566925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703826)"; flow:established,from_client; content:"GET"; http_method; content:"/39gm3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mgiorpause.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703826/; classtype:trojan-activity;sid:84566926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703827)"; flow:established,from_client; content:"GET"; http_method; content:"/enmg3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pause49gj3.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703827/; classtype:trojan-activity;sid:84566927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703810)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.4.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703810/; classtype:trojan-activity;sid:84566910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703808)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.4.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703808/; classtype:trojan-activity;sid:84566908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703809)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.185.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703809/; classtype:trojan-activity;sid:84566909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703807)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.165.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703807/; classtype:trojan-activity;sid:84566907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703806)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.185.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703806/; classtype:trojan-activity;sid:84566906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703805)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.109.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703805/; classtype:trojan-activity;sid:84566905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703804)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.109.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703804/; classtype:trojan-activity;sid:84566904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703803)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.29.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703803/; classtype:trojan-activity;sid:84566903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703802)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.221.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703802/; classtype:trojan-activity;sid:84566902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703801)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703801/; classtype:trojan-activity;sid:84566901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703800)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.71.108.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703800/; classtype:trojan-activity;sid:84566900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703798)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.71.108.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703798/; classtype:trojan-activity;sid:84566898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.160.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703799/; classtype:trojan-activity;sid:84566899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703797)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.191.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703797/; classtype:trojan-activity;sid:84566897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.133.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703796/; classtype:trojan-activity;sid:84566896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703795)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.29.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703795/; classtype:trojan-activity;sid:84566895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703794)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.151.160.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703794/; classtype:trojan-activity;sid:84566894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703793)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.71.108.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703793/; classtype:trojan-activity;sid:84566893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703791)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.248.191.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703791/; classtype:trojan-activity;sid:84566891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703792)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.228.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703792/; classtype:trojan-activity;sid:84566892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703789)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703789/; classtype:trojan-activity;sid:84566889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703790)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.191.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703790/; classtype:trojan-activity;sid:84566890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.21.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703788/; classtype:trojan-activity;sid:84566888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703787)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.191.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703787/; classtype:trojan-activity;sid:84566887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703786)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.215.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703786/; classtype:trojan-activity;sid:84566886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703782)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.160.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703782/; classtype:trojan-activity;sid:84566882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703783)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.21.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703783/; classtype:trojan-activity;sid:84566883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703784)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703784/; classtype:trojan-activity;sid:84566884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703785)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10325_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703785/; classtype:trojan-activity;sid:84566885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703780)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.151.160.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703780/; classtype:trojan-activity;sid:84566880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703781/; classtype:trojan-activity;sid:84566881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703779)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.78.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703779/; classtype:trojan-activity;sid:84566879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703777)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703777/; classtype:trojan-activity;sid:84566877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703778)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102624_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703778/; classtype:trojan-activity;sid:84566878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703775)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.71.108.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703775/; classtype:trojan-activity;sid:84566875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703776)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.78.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703776/; classtype:trojan-activity;sid:84566876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703773)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.78.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703773/; classtype:trojan-activity;sid:84566873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.78.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703774/; classtype:trojan-activity;sid:84566874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703771)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703771/; classtype:trojan-activity;sid:84566871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703772)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703772/; classtype:trojan-activity;sid:84566872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703769)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.26.218.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703769/; classtype:trojan-activity;sid:84566869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703770)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.83.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703770/; classtype:trojan-activity;sid:84566870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703767)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61924_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703767/; classtype:trojan-activity;sid:84566867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703768)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703768/; classtype:trojan-activity;sid:84566868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703766)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703766/; classtype:trojan-activity;sid:84566866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703765)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.83.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703765/; classtype:trojan-activity;sid:84566865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703764)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703764/; classtype:trojan-activity;sid:84566864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703761)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703761/; classtype:trojan-activity;sid:84566861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703762)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.78.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703762/; classtype:trojan-activity;sid:84566862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703763)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703763/; classtype:trojan-activity;sid:84566863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703759)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82325_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703759/; classtype:trojan-activity;sid:84566859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703760)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703760/; classtype:trojan-activity;sid:84566860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703746)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703746/; classtype:trojan-activity;sid:84566846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703747)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_31025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703747/; classtype:trojan-activity;sid:84566847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703748)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703748/; classtype:trojan-activity;sid:84566848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703749)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_6424_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703749/; classtype:trojan-activity;sid:84566849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703750)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.28.133.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703750/; classtype:trojan-activity;sid:84566850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703751)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.139.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703751/; classtype:trojan-activity;sid:84566851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703752)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.108.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703752/; classtype:trojan-activity;sid:84566852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703753)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.21.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703753/; classtype:trojan-activity;sid:84566853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703754)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.139.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703754/; classtype:trojan-activity;sid:84566854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703755)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703755/; classtype:trojan-activity;sid:84566855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703756)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_71824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703756/; classtype:trojan-activity;sid:84566856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703757)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.228.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703757/; classtype:trojan-activity;sid:84566857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703758)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.40.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703758/; classtype:trojan-activity;sid:84566858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703742)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.133.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703742/; classtype:trojan-activity;sid:84566842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703743)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_62124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703743/; classtype:trojan-activity;sid:84566843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703744)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_112724_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703744/; classtype:trojan-activity;sid:84566844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703745)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101124_mahal-server/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703745/; classtype:trojan-activity;sid:84566845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703740)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.151.160.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703740/; classtype:trojan-activity;sid:84566840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703741)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.71.108.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703741/; classtype:trojan-activity;sid:84566841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703737)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_91824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703737/; classtype:trojan-activity;sid:84566837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703738)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10824_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703738/; classtype:trojan-activity;sid:84566838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703739)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102524_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703739/; classtype:trojan-activity;sid:84566839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.71.108.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703733/; classtype:trojan-activity;sid:84566833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703734)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101824_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703734/; classtype:trojan-activity;sid:84566834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703735)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_9924_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703735/; classtype:trojan-activity;sid:84566835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703736)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_52324_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703736/; classtype:trojan-activity;sid:84566836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.191.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703732/; classtype:trojan-activity;sid:84566832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703731)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703731/; classtype:trojan-activity;sid:84566831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703724)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703724/; classtype:trojan-activity;sid:84566824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703725)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.191.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703725/; classtype:trojan-activity;sid:84566825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703726)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703726/; classtype:trojan-activity;sid:84566826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703727)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_9425_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703727/; classtype:trojan-activity;sid:84566827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703728)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703728/; classtype:trojan-activity;sid:84566828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703729)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122624_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703729/; classtype:trojan-activity;sid:84566829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703730)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.160.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703730/; classtype:trojan-activity;sid:84566830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.78.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703723/; classtype:trojan-activity;sid:84566823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.118.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703722/; classtype:trojan-activity;sid:84566822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.231.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703721/; classtype:trojan-activity;sid:84566821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.35.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703720/; classtype:trojan-activity;sid:84566820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703719)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8330368940/aa00lf4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703719/; classtype:trojan-activity;sid:84566819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.254.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703718/; classtype:trojan-activity;sid:84566818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.112.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703717/; classtype:trojan-activity;sid:84566817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703716/; classtype:trojan-activity;sid:84566816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.196.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703715/; classtype:trojan-activity;sid:84566815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703714/; classtype:trojan-activity;sid:84566814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.29.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703713/; classtype:trojan-activity;sid:84566813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.118.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703712/; classtype:trojan-activity;sid:84566812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.231.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703711/; classtype:trojan-activity;sid:84566811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703710/; classtype:trojan-activity;sid:84566810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.13.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703709/; classtype:trojan-activity;sid:84566809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.112.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703708/; classtype:trojan-activity;sid:84566808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.251.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703707/; classtype:trojan-activity;sid:84566807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.196.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703706/; classtype:trojan-activity;sid:84566806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703705/; classtype:trojan-activity;sid:84566805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703694/; classtype:trojan-activity;sid:84566794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703695/; classtype:trojan-activity;sid:84566795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703696)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703696/; classtype:trojan-activity;sid:84566796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703697/; classtype:trojan-activity;sid:84566797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703698)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703698/; classtype:trojan-activity;sid:84566798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703699)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703699/; classtype:trojan-activity;sid:84566799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703700)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703700/; classtype:trojan-activity;sid:84566800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703701)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703701/; classtype:trojan-activity;sid:84566801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703702)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703702/; classtype:trojan-activity;sid:84566802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703703)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703703/; classtype:trojan-activity;sid:84566803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.13.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703704/; classtype:trojan-activity;sid:84566804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703693/; classtype:trojan-activity;sid:84566793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.205.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703687/; classtype:trojan-activity;sid:84566787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703688/; classtype:trojan-activity;sid:84566788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703689)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703689/; classtype:trojan-activity;sid:84566789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.84.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703690/; classtype:trojan-activity;sid:84566790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703691)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703691/; classtype:trojan-activity;sid:84566791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703692)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.58.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703692/; classtype:trojan-activity;sid:84566792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.67.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703686/; classtype:trojan-activity;sid:84566786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.164.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703685/; classtype:trojan-activity;sid:84566785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.205.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703684/; classtype:trojan-activity;sid:84566784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.24.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703683/; classtype:trojan-activity;sid:84566783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.191.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703682/; classtype:trojan-activity;sid:84566782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.157.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703681/; classtype:trojan-activity;sid:84566781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.241.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703680/; classtype:trojan-activity;sid:84566780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703679/; classtype:trojan-activity;sid:84566779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.60.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703677/; classtype:trojan-activity;sid:84566777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.86.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703678/; classtype:trojan-activity;sid:84566778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.169.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703676/; classtype:trojan-activity;sid:84566776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.252.159.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703675/; classtype:trojan-activity;sid:84566775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.176.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703674/; classtype:trojan-activity;sid:84566774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.164.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703673/; classtype:trojan-activity;sid:84566773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.184.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703672/; classtype:trojan-activity;sid:84566772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.193.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703671/; classtype:trojan-activity;sid:84566771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.251.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703670/; classtype:trojan-activity;sid:84566770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703669/; classtype:trojan-activity;sid:84566769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.84.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703668/; classtype:trojan-activity;sid:84566768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.184.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703667/; classtype:trojan-activity;sid:84566767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.193.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703666/; classtype:trojan-activity;sid:84566766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.10.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703665/; classtype:trojan-activity;sid:84566765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.253.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703664/; classtype:trojan-activity;sid:84566764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703663/; classtype:trojan-activity;sid:84566763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.155.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703662/; classtype:trojan-activity;sid:84566762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703661)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2020593187/x4l2tva.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703661/; classtype:trojan-activity;sid:84566761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.127.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703660/; classtype:trojan-activity;sid:84566760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.130.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703659/; classtype:trojan-activity;sid:84566759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.92.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703658/; classtype:trojan-activity;sid:84566758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.199.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703657/; classtype:trojan-activity;sid:84566757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.43.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703656/; classtype:trojan-activity;sid:84566756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.155.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703655/; classtype:trojan-activity;sid:84566755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.120.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703654/; classtype:trojan-activity;sid:84566754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.234.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703653/; classtype:trojan-activity;sid:84566753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.198.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703652/; classtype:trojan-activity;sid:84566752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.253.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703651/; classtype:trojan-activity;sid:84566751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703650/; classtype:trojan-activity;sid:84566750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.88.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703649/; classtype:trojan-activity;sid:84566749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.78.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703648/; classtype:trojan-activity;sid:84566748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703647/; classtype:trojan-activity;sid:84566747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.90.191.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703646/; classtype:trojan-activity;sid:84566746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.78.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703645/; classtype:trojan-activity;sid:84566745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.114.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703644/; classtype:trojan-activity;sid:84566744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703643/; classtype:trojan-activity;sid:84566743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.10.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703642/; classtype:trojan-activity;sid:84566742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.90.191.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703641/; classtype:trojan-activity;sid:84566741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.80.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703640/; classtype:trojan-activity;sid:84566740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703639/; classtype:trojan-activity;sid:84566739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.161.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703638/; classtype:trojan-activity;sid:84566738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.114.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703637/; classtype:trojan-activity;sid:84566737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.143.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703636/; classtype:trojan-activity;sid:84566736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.80.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703635/; classtype:trojan-activity;sid:84566735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.119.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703632/; classtype:trojan-activity;sid:84566732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.42.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703633/; classtype:trojan-activity;sid:84566733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703634/; classtype:trojan-activity;sid:84566734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703631/; classtype:trojan-activity;sid:84566731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.199.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703630/; classtype:trojan-activity;sid:84566730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703629/; classtype:trojan-activity;sid:84566729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.105.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703628/; classtype:trojan-activity;sid:84566728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703626/; classtype:trojan-activity;sid:84566726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.189.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703627/; classtype:trojan-activity;sid:84566727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.13.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703625/; classtype:trojan-activity;sid:84566725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.119.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703624/; classtype:trojan-activity;sid:84566724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.133.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703623/; classtype:trojan-activity;sid:84566723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.166.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703622/; classtype:trojan-activity;sid:84566722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.189.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703621/; classtype:trojan-activity;sid:84566721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.62.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703620/; classtype:trojan-activity;sid:84566720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.48.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703619/; classtype:trojan-activity;sid:84566719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.178.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703618/; classtype:trojan-activity;sid:84566718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.13.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703617/; classtype:trojan-activity;sid:84566717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.48.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703616/; classtype:trojan-activity;sid:84566716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.47.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703615/; classtype:trojan-activity;sid:84566715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.133.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703614/; classtype:trojan-activity;sid:84566714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703613/; classtype:trojan-activity;sid:84566713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.5.74"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703612/; classtype:trojan-activity;sid:84566712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703611/; classtype:trojan-activity;sid:84566711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.107.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703610/; classtype:trojan-activity;sid:84566710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.90.3.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703609/; classtype:trojan-activity;sid:84566709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"142.90.3.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703608/; classtype:trojan-activity;sid:84566708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.214.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703607/; classtype:trojan-activity;sid:84566707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703606/; classtype:trojan-activity;sid:84566706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.206.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703605/; classtype:trojan-activity;sid:84566705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.146.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703604/; classtype:trojan-activity;sid:84566704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.181.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703603/; classtype:trojan-activity;sid:84566703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.130.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703602/; classtype:trojan-activity;sid:84566702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.107.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703601/; classtype:trojan-activity;sid:84566701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703600)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703600/; classtype:trojan-activity;sid:84566700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703589/; classtype:trojan-activity;sid:84566689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703590)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703590/; classtype:trojan-activity;sid:84566690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703591)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703591/; classtype:trojan-activity;sid:84566691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703592)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703592/; classtype:trojan-activity;sid:84566692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703593)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703593/; classtype:trojan-activity;sid:84566693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703594)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86-64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703594/; classtype:trojan-activity;sid:84566694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703595)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703595/; classtype:trojan-activity;sid:84566695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703596)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703596/; classtype:trojan-activity;sid:84566696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703597)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703597/; classtype:trojan-activity;sid:84566697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703598/; classtype:trojan-activity;sid:84566698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703599)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.77.246.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703599/; classtype:trojan-activity;sid:84566699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703588/; classtype:trojan-activity;sid:84566688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.220.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703587/; classtype:trojan-activity;sid:84566687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.80.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703586/; classtype:trojan-activity;sid:84566686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703585/; classtype:trojan-activity;sid:84566685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.120.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703584/; classtype:trojan-activity;sid:84566684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703583)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.55.3.72"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703583/; classtype:trojan-activity;sid:84566683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.63.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703582/; classtype:trojan-activity;sid:84566682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703578/; classtype:trojan-activity;sid:84566678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.146.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703579/; classtype:trojan-activity;sid:84566679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.29.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703580/; classtype:trojan-activity;sid:84566680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.227.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703581/; classtype:trojan-activity;sid:84566681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.68.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703570/; classtype:trojan-activity;sid:84566670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.98.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703571/; classtype:trojan-activity;sid:84566671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.146.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703572/; classtype:trojan-activity;sid:84566672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.234.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703573/; classtype:trojan-activity;sid:84566673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.40.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703574/; classtype:trojan-activity;sid:84566674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.173.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703575/; classtype:trojan-activity;sid:84566675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.202.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703576/; classtype:trojan-activity;sid:84566676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.179.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703577/; classtype:trojan-activity;sid:84566677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.214.174.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703566/; classtype:trojan-activity;sid:84566666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.3.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703567/; classtype:trojan-activity;sid:84566667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.199.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703568/; classtype:trojan-activity;sid:84566668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.42.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703569/; classtype:trojan-activity;sid:84566669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.197.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703565/; classtype:trojan-activity;sid:84566665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.80.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703564/; classtype:trojan-activity;sid:84566664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.52.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703563/; classtype:trojan-activity;sid:84566663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.114.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703562/; classtype:trojan-activity;sid:84566662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.61.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703561/; classtype:trojan-activity;sid:84566661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.120.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703560/; classtype:trojan-activity;sid:84566660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.244.165.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703559/; classtype:trojan-activity;sid:84566659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.52.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703558/; classtype:trojan-activity;sid:84566658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703557)"; flow:established,from_client; content:"GET"; http_method; content:"/tv-garden_ver_12.03.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tv-garden-new7.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703557/; classtype:trojan-activity;sid:84566657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703556)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703556/; classtype:trojan-activity;sid:84566656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703555)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/cafe4d_1.0.0.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cafe4dv1.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703555/; classtype:trojan-activity;sid:84566655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703554)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tukitoko-golge.sbs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703554/; classtype:trojan-activity;sid:84566654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703553)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/boboslot_1.0.0.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"boboslot6.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703553/; classtype:trojan-activity;sid:84566653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703552)"; flow:established,from_client; content:"GET"; http_method; content:"/atomicwallet.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"atomicdesktop-version.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703552/; classtype:trojan-activity;sid:84566652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703550)"; flow:established,from_client; content:"GET"; http_method; content:"/spk/spk-smart-moora-ci-3%20%282%29.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"kopibrb.my.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703550/; classtype:trojan-activity;sid:84566650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703551)"; flow:established,from_client; content:"GET"; http_method; content:"/download/cerex_pcui_1.3.1_20250102_prd.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dfohs.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703551/; classtype:trojan-activity;sid:84566651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703549)"; flow:established,from_client; content:"GET"; http_method; content:"/atomicwallet.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"atomicdeskapps.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703549/; classtype:trojan-activity;sid:84566649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703547)"; flow:established,from_client; content:"GET"; http_method; content:"/iranian.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vamir.pro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703547/; classtype:trojan-activity;sid:84566647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703548)"; flow:established,from_client; content:"GET"; http_method; content:"/groovesync.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"groovesyncmusic.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703548/; classtype:trojan-activity;sid:84566648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.92.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703546/; classtype:trojan-activity;sid:84566646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703544)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703544/; classtype:trojan-activity;sid:84566644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703545)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/olympus178.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rsjayapura.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703545/; classtype:trojan-activity;sid:84566645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703539)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"120.61.92.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703539/; classtype:trojan-activity;sid:84566639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703540)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/download.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"clubeyang.ink"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703540/; classtype:trojan-activity;sid:84566640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703541)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703541/; classtype:trojan-activity;sid:84566641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703542)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703542/; classtype:trojan-activity;sid:84566642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703543)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/toto919.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"toto919fast.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703543/; classtype:trojan-activity;sid:84566643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703536)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/bar88.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"mintqrisbar88.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703536/; classtype:trojan-activity;sid:84566636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703537)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703537/; classtype:trojan-activity;sid:84566637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703538)"; flow:established,from_client; content:"GET"; http_method; content:"/soulsync.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soulsync.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703538/; classtype:trojan-activity;sid:84566638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703535)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/boboslot_1.0.0.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"boboslotm.cfd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703535/; classtype:trojan-activity;sid:84566635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703534)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703534/; classtype:trojan-activity;sid:84566634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703533)"; flow:established,from_client; content:"GET"; http_method; content:"/files/file.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tukutoks-pp.sbs"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703533/; classtype:trojan-activity;sid:84566633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703529)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703529/; classtype:trojan-activity;sid:84566629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703530)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703530/; classtype:trojan-activity;sid:84566630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703531)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703531/; classtype:trojan-activity;sid:84566631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703532)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703532/; classtype:trojan-activity;sid:84566632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703515)"; flow:established,from_client; content:"GET"; http_method; content:"/dzqwbev9gsyd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703515/; classtype:trojan-activity;sid:84566615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703516)"; flow:established,from_client; content:"GET"; http_method; content:"/fe0fwqhji1a2vw1xd93d"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703516/; classtype:trojan-activity;sid:84566616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703517)"; flow:established,from_client; content:"GET"; http_method; content:"/xohfsxklyhitm75h"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703517/; classtype:trojan-activity;sid:84566617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703518)"; flow:established,from_client; content:"GET"; http_method; content:"/xd0sehqo6o8o0xums"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703518/; classtype:trojan-activity;sid:84566618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703519)"; flow:established,from_client; content:"GET"; http_method; content:"/bkhvembhedasyhjufbyuqx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703519/; classtype:trojan-activity;sid:84566619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703520)"; flow:established,from_client; content:"GET"; http_method; content:"/uuzkcm19s6pdhzlus"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703520/; classtype:trojan-activity;sid:84566620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703521)"; flow:established,from_client; content:"GET"; http_method; content:"/o3bqgukn0r3be7qldyf35"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703521/; classtype:trojan-activity;sid:84566621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703522)"; flow:established,from_client; content:"GET"; http_method; content:"/iqslkiiulcpbyb4uekxg6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703522/; classtype:trojan-activity;sid:84566622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703523)"; flow:established,from_client; content:"GET"; http_method; content:"/dvot7th2b0lh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703523/; classtype:trojan-activity;sid:84566623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703524)"; flow:established,from_client; content:"GET"; http_method; content:"/pb8deshdtgx2wvlmqqdo"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703524/; classtype:trojan-activity;sid:84566624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703525)"; flow:established,from_client; content:"GET"; http_method; content:"/okhtyypp02hq8hnni33k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703525/; classtype:trojan-activity;sid:84566625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703526)"; flow:established,from_client; content:"GET"; http_method; content:"/w1rcodn87qi20w"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703526/; classtype:trojan-activity;sid:84566626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703527)"; flow:established,from_client; content:"GET"; http_method; content:"/6bc7rqhz0com22cyqekr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703527/; classtype:trojan-activity;sid:84566627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703528)"; flow:established,from_client; content:"GET"; http_method; content:"/lamzjdpus8tbbwoypxq"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"158.94.208.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703528/; classtype:trojan-activity;sid:84566628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.14.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703514/; classtype:trojan-activity;sid:84566614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.95.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703513/; classtype:trojan-activity;sid:84566613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.61.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703512/; classtype:trojan-activity;sid:84566612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.84.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703511/; classtype:trojan-activity;sid:84566611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.96.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703510/; classtype:trojan-activity;sid:84566610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.86.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703509/; classtype:trojan-activity;sid:84566609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703508/; classtype:trojan-activity;sid:84566608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.14.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703507/; classtype:trojan-activity;sid:84566607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.97.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703506/; classtype:trojan-activity;sid:84566606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.114.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703505/; classtype:trojan-activity;sid:84566605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.176.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703504/; classtype:trojan-activity;sid:84566604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703503)"; flow:established,from_client; content:"GET"; http_method; content:"/z9zlurkg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"geist.cioudbr1nk.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703503/; classtype:trojan-activity;sid:84566603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.244.165.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703502/; classtype:trojan-activity;sid:84566602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.193.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703499/; classtype:trojan-activity;sid:84566599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.27.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703500/; classtype:trojan-activity;sid:84566600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703501/; classtype:trojan-activity;sid:84566601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703498/; classtype:trojan-activity;sid:84566598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.129.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703497/; classtype:trojan-activity;sid:84566597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703496/; classtype:trojan-activity;sid:84566596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703495)"; flow:established,from_client; content:"GET"; http_method; content:"/mosncaeh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pfad.embertarn.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703495/; classtype:trojan-activity;sid:84566595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.176.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703494/; classtype:trojan-activity;sid:84566594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.97.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703493/; classtype:trojan-activity;sid:84566593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703492/; classtype:trojan-activity;sid:84566592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.129.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703491/; classtype:trojan-activity;sid:84566591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703490)"; flow:established,from_client; content:"GET"; http_method; content:"/sdmrpiy8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rune.ic0n1cforge.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703490/; classtype:trojan-activity;sid:84566590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.51.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703489/; classtype:trojan-activity;sid:84566589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703488)"; flow:established,from_client; content:"GET"; http_method; content:"/fdiygj2i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolke.ic0n1cforge.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703488/; classtype:trojan-activity;sid:84566588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.75.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703487/; classtype:trojan-activity;sid:84566587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.44.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703485/; classtype:trojan-activity;sid:84566585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.14.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703486/; classtype:trojan-activity;sid:84566586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703484)"; flow:established,from_client; content:"GET"; http_method; content:"/sjn2c37h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fjord.ny4lp8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703484/; classtype:trojan-activity;sid:84566584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.220.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703483/; classtype:trojan-activity;sid:84566583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703482)"; flow:established,from_client; content:"GET"; http_method; content:"/ev7n0yjl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kamm.ny4lp8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703482/; classtype:trojan-activity;sid:84566582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.228.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703481/; classtype:trojan-activity;sid:84566581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.220.145.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703480/; classtype:trojan-activity;sid:84566580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.173.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703479/; classtype:trojan-activity;sid:84566579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.14.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703478/; classtype:trojan-activity;sid:84566578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.220.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703477/; classtype:trojan-activity;sid:84566577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703476)"; flow:established,from_client; content:"GET"; http_method; content:"/1lvdq2zz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glow.l2-1-w2.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703476/; classtype:trojan-activity;sid:84566576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703475)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/azqibxg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703475/; classtype:trojan-activity;sid:84566575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.193.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703474/; classtype:trojan-activity;sid:84566574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703473)"; flow:established,from_client; content:"GET"; http_method; content:"/vbpppvl0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rune.l2-1-w2.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703473/; classtype:trojan-activity;sid:84566573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.228.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703472/; classtype:trojan-activity;sid:84566572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.24.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703471/; classtype:trojan-activity;sid:84566571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703470)"; flow:established,from_client; content:"GET"; http_method; content:"/ai1xqf5p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wald.l2-1-w2.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703470/; classtype:trojan-activity;sid:84566570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.1.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703469/; classtype:trojan-activity;sid:84566569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.24.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703468/; classtype:trojan-activity;sid:84566568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.34.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703467/; classtype:trojan-activity;sid:84566567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703466/; classtype:trojan-activity;sid:84566566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.162.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703465/; classtype:trojan-activity;sid:84566565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703464)"; flow:established,from_client; content:"GET"; http_method; content:"/zirhjaca"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hwv.rumble-kin.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703464/; classtype:trojan-activity;sid:84566564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.26.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703463/; classtype:trojan-activity;sid:84566563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.34.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703462/; classtype:trojan-activity;sid:84566562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.1.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703461/; classtype:trojan-activity;sid:84566561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703460)"; flow:established,from_client; content:"GET"; http_method; content:"/y4pa4jt3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"byte.rumble-kin.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703460/; classtype:trojan-activity;sid:84566560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.197.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703459/; classtype:trojan-activity;sid:84566559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.191.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703458/; classtype:trojan-activity;sid:84566558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.194.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703457/; classtype:trojan-activity;sid:84566557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.21.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703456/; classtype:trojan-activity;sid:84566556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.162.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703455/; classtype:trojan-activity;sid:84566555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703454)"; flow:established,from_client; content:"GET"; http_method; content:"/p16i34yh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kaf.c0sm1cweld.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703454/; classtype:trojan-activity;sid:84566554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.154.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703453/; classtype:trojan-activity;sid:84566553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.51.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703452/; classtype:trojan-activity;sid:84566552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703451/; classtype:trojan-activity;sid:84566551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.198.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703450/; classtype:trojan-activity;sid:84566550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.208.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703449/; classtype:trojan-activity;sid:84566549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703448)"; flow:established,from_client; content:"GET"; http_method; content:"/a7q6h3l7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sparkle.c0sm1cweld.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703448/; classtype:trojan-activity;sid:84566548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.21.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703447/; classtype:trojan-activity;sid:84566547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.93.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703446/; classtype:trojan-activity;sid:84566546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.37.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703445/; classtype:trojan-activity;sid:84566545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703444)"; flow:established,from_client; content:"GET"; http_method; content:"/py9hix7c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trail5.rift-cog.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703444/; classtype:trojan-activity;sid:84566544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.148.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703443/; classtype:trojan-activity;sid:84566543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.148.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703442/; classtype:trojan-activity;sid:84566542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703441)"; flow:established,from_client; content:"GET"; http_method; content:"/55046ca8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dj2op.rift-cog.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703441/; classtype:trojan-activity;sid:84566541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.93.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703440/; classtype:trojan-activity;sid:84566540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.128.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703439/; classtype:trojan-activity;sid:84566539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703438/; classtype:trojan-activity;sid:84566538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703437)"; flow:established,from_client; content:"GET"; http_method; content:"/c6ht8jow"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"burst.rift-cog.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703437/; classtype:trojan-activity;sid:84566537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.223.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703436/; classtype:trojan-activity;sid:84566536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.208.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703435/; classtype:trojan-activity;sid:84566535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703434)"; flow:established,from_client; content:"GET"; http_method; content:"/w5nr6gj6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7plpf.spryvolt.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703434/; classtype:trojan-activity;sid:84566534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.202.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703433/; classtype:trojan-activity;sid:84566533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.148.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703431/; classtype:trojan-activity;sid:84566531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.41.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703432/; classtype:trojan-activity;sid:84566532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.87.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703430/; classtype:trojan-activity;sid:84566530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.159.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703429/; classtype:trojan-activity;sid:84566529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.143.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703428/; classtype:trojan-activity;sid:84566528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.191.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703427/; classtype:trojan-activity;sid:84566527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.183.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703426/; classtype:trojan-activity;sid:84566526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.204.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703424/; classtype:trojan-activity;sid:84566524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.133.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703425/; classtype:trojan-activity;sid:84566525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.202.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703423/; classtype:trojan-activity;sid:84566523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703422)"; flow:established,from_client; content:"GET"; http_method; content:"/9u2g4g9u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"trail3.knackquill.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703422/; classtype:trojan-activity;sid:84566522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.87.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703421/; classtype:trojan-activity;sid:84566521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.148.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703420/; classtype:trojan-activity;sid:84566520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703419/; classtype:trojan-activity;sid:84566519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703418)"; flow:established,from_client; content:"GET"; http_method; content:"/01hn27uf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gv8.knackquill.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703418/; classtype:trojan-activity;sid:84566518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.115.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703417/; classtype:trojan-activity;sid:84566517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.92.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703416/; classtype:trojan-activity;sid:84566516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.188.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703415/; classtype:trojan-activity;sid:84566515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.193.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703414/; classtype:trojan-activity;sid:84566514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.209.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703412/; classtype:trojan-activity;sid:84566512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.189.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703413/; classtype:trojan-activity;sid:84566513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703411)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703411/; classtype:trojan-activity;sid:84566511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703410/; classtype:trojan-activity;sid:84566510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.159.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703409/; classtype:trojan-activity;sid:84566509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.253.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703408/; classtype:trojan-activity;sid:84566508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.115.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703407/; classtype:trojan-activity;sid:84566507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.94.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703406/; classtype:trojan-activity;sid:84566506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.86.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703405/; classtype:trojan-activity;sid:84566505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.40.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703404/; classtype:trojan-activity;sid:84566504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.193.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703403/; classtype:trojan-activity;sid:84566503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703402)"; flow:established,from_client; content:"GET"; http_method; content:"/2vgnpg2z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"u1yee.spry-volt.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703402/; classtype:trojan-activity;sid:84566502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.200.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703401/; classtype:trojan-activity;sid:84566501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.188.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703400/; classtype:trojan-activity;sid:84566500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.171.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703399/; classtype:trojan-activity;sid:84566499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.253.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703398/; classtype:trojan-activity;sid:84566498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.166.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703397/; classtype:trojan-activity;sid:84566497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703396)"; flow:established,from_client; content:"GET"; http_method; content:"/dpv8i417"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kz17u.spry-volt.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703396/; classtype:trojan-activity;sid:84566496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.205.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703395/; classtype:trojan-activity;sid:84566495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.202.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703394/; classtype:trojan-activity;sid:84566494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.145.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703393/; classtype:trojan-activity;sid:84566493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.86.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703392/; classtype:trojan-activity;sid:84566492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.229.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703391/; classtype:trojan-activity;sid:84566491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.81.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703390/; classtype:trojan-activity;sid:84566490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703389)"; flow:established,from_client; content:"GET"; http_method; content:"/b7bczcxr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b8.c-0-sm-1-cweld.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703389/; classtype:trojan-activity;sid:84566489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.188.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703388/; classtype:trojan-activity;sid:84566488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.188.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703387/; classtype:trojan-activity;sid:84566487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.253.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703386/; classtype:trojan-activity;sid:84566486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.171.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703384/; classtype:trojan-activity;sid:84566484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703385/; classtype:trojan-activity;sid:84566485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703383/; classtype:trojan-activity;sid:84566483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.221.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703382/; classtype:trojan-activity;sid:84566482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.202.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703381/; classtype:trojan-activity;sid:84566481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.127.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703379/; classtype:trojan-activity;sid:84566479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.81.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703380/; classtype:trojan-activity;sid:84566480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.41.213.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703378/; classtype:trojan-activity;sid:84566478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.229.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703377/; classtype:trojan-activity;sid:84566477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.196.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703376/; classtype:trojan-activity;sid:84566476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.80.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703375/; classtype:trojan-activity;sid:84566475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.95.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703374/; classtype:trojan-activity;sid:84566474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703373)"; flow:established,from_client; content:"GET"; http_method; content:"/lpajp6s2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"quark5.glitch-pact.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703373/; classtype:trojan-activity;sid:84566473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.191.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703372/; classtype:trojan-activity;sid:84566472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703371/; classtype:trojan-activity;sid:84566471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.138.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703370/; classtype:trojan-activity;sid:84566470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.62.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703369/; classtype:trojan-activity;sid:84566469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.0.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703368/; classtype:trojan-activity;sid:84566468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703367)"; flow:established,from_client; content:"GET"; http_method; content:"/nvn0wrwg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fyp.glitch-pact.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703367/; classtype:trojan-activity;sid:84566467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.73.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703366/; classtype:trojan-activity;sid:84566466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.196.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703365/; classtype:trojan-activity;sid:84566465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.41.213.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703364/; classtype:trojan-activity;sid:84566464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.67.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703363/; classtype:trojan-activity;sid:84566463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.80.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703362/; classtype:trojan-activity;sid:84566462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.191.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703361/; classtype:trojan-activity;sid:84566461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.109.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703360/; classtype:trojan-activity;sid:84566460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703358/; classtype:trojan-activity;sid:84566458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.242.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703359/; classtype:trojan-activity;sid:84566459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703357)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6437444697/dtqnzpb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703357/; classtype:trojan-activity;sid:84566457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703356/; classtype:trojan-activity;sid:84566456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703355/; classtype:trojan-activity;sid:84566455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703354)"; flow:established,from_client; content:"GET"; http_method; content:"/uibz4sck"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2yn.polywhiz.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703354/; classtype:trojan-activity;sid:84566454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.209.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703353/; classtype:trojan-activity;sid:84566453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.109.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703352/; classtype:trojan-activity;sid:84566452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703351/; classtype:trojan-activity;sid:84566451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.242.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703350/; classtype:trojan-activity;sid:84566450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703349/; classtype:trojan-activity;sid:84566449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.46.152.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703348/; classtype:trojan-activity;sid:84566448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703347/; classtype:trojan-activity;sid:84566447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.203.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703346/; classtype:trojan-activity;sid:84566446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.245.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703345/; classtype:trojan-activity;sid:84566445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.42.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703344/; classtype:trojan-activity;sid:84566444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.29.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703343/; classtype:trojan-activity;sid:84566443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703342/; classtype:trojan-activity;sid:84566442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.248.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703341/; classtype:trojan-activity;sid:84566441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.44.242.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703340/; classtype:trojan-activity;sid:84566440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.86.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703339/; classtype:trojan-activity;sid:84566439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703338/; classtype:trojan-activity;sid:84566438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703337/; classtype:trojan-activity;sid:84566437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.44.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703336/; classtype:trojan-activity;sid:84566436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.55.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703335/; classtype:trojan-activity;sid:84566435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.29.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703334/; classtype:trojan-activity;sid:84566434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.164.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703333/; classtype:trojan-activity;sid:84566433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.248.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703332/; classtype:trojan-activity;sid:84566432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703331)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5209749284/joojm4l.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703331/; classtype:trojan-activity;sid:84566431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.209.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703330/; classtype:trojan-activity;sid:84566430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703329)"; flow:established,from_client; content:"GET"; http_method; content:"/ioal70ft"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forge.joltberry.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703329/; classtype:trojan-activity;sid:84566429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.86.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703328/; classtype:trojan-activity;sid:84566428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.46.152.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703327/; classtype:trojan-activity;sid:84566427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.89.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703325/; classtype:trojan-activity;sid:84566425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.224.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703326/; classtype:trojan-activity;sid:84566426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.46.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703324/; classtype:trojan-activity;sid:84566424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.37.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703323/; classtype:trojan-activity;sid:84566423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703322)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5209749284/osexxbw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703322/; classtype:trojan-activity;sid:84566422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.255.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703321/; classtype:trojan-activity;sid:84566421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.7.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703320/; classtype:trojan-activity;sid:84566420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.232.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703319/; classtype:trojan-activity;sid:84566419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.12.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703318/; classtype:trojan-activity;sid:84566418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.72.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703317/; classtype:trojan-activity;sid:84566417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.55.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703316/; classtype:trojan-activity;sid:84566416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703315)"; flow:established,from_client; content:"GET"; http_method; content:"/02mkm20u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"shift2.glitchpact.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703315/; classtype:trojan-activity;sid:84566415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.7.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703313/; classtype:trojan-activity;sid:84566413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.255.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703314/; classtype:trojan-activity;sid:84566414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.108.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703312/; classtype:trojan-activity;sid:84566412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.224.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703311/; classtype:trojan-activity;sid:84566411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703310)"; flow:established,from_client; content:"GET"; http_method; content:"/nl436okc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yq2z.fluxcrate.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703310/; classtype:trojan-activity;sid:84566410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.143.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703309/; classtype:trojan-activity;sid:84566409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703308/; classtype:trojan-activity;sid:84566408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703307/; classtype:trojan-activity;sid:84566407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703306)"; flow:established,from_client; content:"GET"; http_method; content:"/rq1ksnz8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ock.turbotap.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703306/; classtype:trojan-activity;sid:84566406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.247.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703305/; classtype:trojan-activity;sid:84566405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703304)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/xth5pi9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703304/; classtype:trojan-activity;sid:84566404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703303/; classtype:trojan-activity;sid:84566403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703302/; classtype:trojan-activity;sid:84566402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.143.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703301/; classtype:trojan-activity;sid:84566401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703300)"; flow:established,from_client; content:"GET"; http_method; content:"/uzx5hfob"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73k03.turbotap.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703300/; classtype:trojan-activity;sid:84566400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.173.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703299/; classtype:trojan-activity;sid:84566399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703296)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703296/; classtype:trojan-activity;sid:84566396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703297)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703297/; classtype:trojan-activity;sid:84566397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703298)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703298/; classtype:trojan-activity;sid:84566398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703289)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703289/; classtype:trojan-activity;sid:84566389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703290)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703290/; classtype:trojan-activity;sid:84566390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703291)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703291/; classtype:trojan-activity;sid:84566391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703292)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703292/; classtype:trojan-activity;sid:84566392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703293)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703293/; classtype:trojan-activity;sid:84566393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703294)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703294/; classtype:trojan-activity;sid:84566394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703295)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703295/; classtype:trojan-activity;sid:84566395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703288/; classtype:trojan-activity;sid:84566388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703286)"; flow:established,from_client; content:"GET"; http_method; content:"/br3dv2yp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7ws9g.turbotap.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703286/; classtype:trojan-activity;sid:84566386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.247.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703287/; classtype:trojan-activity;sid:84566387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703285/; classtype:trojan-activity;sid:84566385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.200.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703284/; classtype:trojan-activity;sid:84566384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.232.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703283/; classtype:trojan-activity;sid:84566383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.41.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703282/; classtype:trojan-activity;sid:84566382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.173.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703281/; classtype:trojan-activity;sid:84566381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.107.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703280/; classtype:trojan-activity;sid:84566380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.89.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703279/; classtype:trojan-activity;sid:84566379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.92.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703278/; classtype:trojan-activity;sid:84566378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703274)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703274/; classtype:trojan-activity;sid:84566374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703275)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703275/; classtype:trojan-activity;sid:84566375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703276)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703276/; classtype:trojan-activity;sid:84566376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703277)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703277/; classtype:trojan-activity;sid:84566377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703273)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"byspotikfy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703273/; classtype:trojan-activity;sid:84566373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703272)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703272/; classtype:trojan-activity;sid:84566372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.161.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703271/; classtype:trojan-activity;sid:84566371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.44.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703269/; classtype:trojan-activity;sid:84566369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.190.188.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703270/; classtype:trojan-activity;sid:84566370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703262)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703262/; classtype:trojan-activity;sid:84566362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703263)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703263/; classtype:trojan-activity;sid:84566363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703264)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703264/; classtype:trojan-activity;sid:84566364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.238.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703265/; classtype:trojan-activity;sid:84566365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703266)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703266/; classtype:trojan-activity;sid:84566366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.195.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703267/; classtype:trojan-activity;sid:84566367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703268)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"79.133.51.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703268/; classtype:trojan-activity;sid:84566368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703261)"; flow:established,from_client; content:"GET"; http_method; content:"/lexer.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"howelllanddevelopment.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703261/; classtype:trojan-activity;sid:84566361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703260)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/bof.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"byspotikfy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703260/; classtype:trojan-activity;sid:84566360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.143.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703256/; classtype:trojan-activity;sid:84566356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.217.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703257/; classtype:trojan-activity;sid:84566357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.194.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703258/; classtype:trojan-activity;sid:84566358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.43.86.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703259/; classtype:trojan-activity;sid:84566359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.249.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703253/; classtype:trojan-activity;sid:84566353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.79.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703254/; classtype:trojan-activity;sid:84566354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.206.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703255/; classtype:trojan-activity;sid:84566355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.247.143.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703252/; classtype:trojan-activity;sid:84566352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703251/; classtype:trojan-activity;sid:84566351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.68.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703250/; classtype:trojan-activity;sid:84566350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703249)"; flow:established,from_client; content:"GET"; http_method; content:"/4jckix3x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"orbit2.turbo-tap.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703249/; classtype:trojan-activity;sid:84566349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.51.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703248/; classtype:trojan-activity;sid:84566348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703247)"; flow:established,from_client; content:"GET"; http_method; content:"/knockknock/monkeyfucker"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.59.138.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703247/; classtype:trojan-activity;sid:84566347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703246)"; flow:established,from_client; content:"GET"; http_method; content:"/o2lksum6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forge9.codecog.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703246/; classtype:trojan-activity;sid:84566346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.3.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703245/; classtype:trojan-activity;sid:84566345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.68.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703244/; classtype:trojan-activity;sid:84566344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.47.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703243/; classtype:trojan-activity;sid:84566343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703242/; classtype:trojan-activity;sid:84566342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.79.85.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703241/; classtype:trojan-activity;sid:84566341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.79.85.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703240/; classtype:trojan-activity;sid:84566340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.20.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703239/; classtype:trojan-activity;sid:84566339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.55.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703238/; classtype:trojan-activity;sid:84566338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.196.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703237/; classtype:trojan-activity;sid:84566337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.97.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703236/; classtype:trojan-activity;sid:84566336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703234/; classtype:trojan-activity;sid:84566334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.181.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703235/; classtype:trojan-activity;sid:84566335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703233)"; flow:established,from_client; content:"GET"; http_method; content:"/65dgba4t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"phase7.zimloop.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703233/; classtype:trojan-activity;sid:84566333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.153.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703232/; classtype:trojan-activity;sid:84566332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.20.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703231/; classtype:trojan-activity;sid:84566331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.113.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703230/; classtype:trojan-activity;sid:84566330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.235.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703229/; classtype:trojan-activity;sid:84566329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.15.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703228/; classtype:trojan-activity;sid:84566328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.97.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703227/; classtype:trojan-activity;sid:84566327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703226/; classtype:trojan-activity;sid:84566326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.219.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703224/; classtype:trojan-activity;sid:84566324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.153.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703225/; classtype:trojan-activity;sid:84566325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.181.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703223/; classtype:trojan-activity;sid:84566323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703222)"; flow:established,from_client; content:"GET"; http_method; content:"/1z4bxa9p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jet.zimloop.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703222/; classtype:trojan-activity;sid:84566322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703221)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/iomizzo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703221/; classtype:trojan-activity;sid:84566321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.57.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703220/; classtype:trojan-activity;sid:84566320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703219)"; flow:established,from_client; content:"GET"; http_method; content:"/4s8ksvck"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"490.halfquark.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703219/; classtype:trojan-activity;sid:84566319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.234.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703218/; classtype:trojan-activity;sid:84566318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703216/; classtype:trojan-activity;sid:84566316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703217/; classtype:trojan-activity;sid:84566317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.34.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703215/; classtype:trojan-activity;sid:84566315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.219.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703214/; classtype:trojan-activity;sid:84566314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.15.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703213/; classtype:trojan-activity;sid:84566313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703212)"; flow:established,from_client; content:"GET"; http_method; content:"/npl6lxkn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8o6.halfquark.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703212/; classtype:trojan-activity;sid:84566312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703211)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/6p9fknt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703211/; classtype:trojan-activity;sid:84566311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.19.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703210/; classtype:trojan-activity;sid:84566310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703209/; classtype:trojan-activity;sid:84566309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703208)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/rsbe3bf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703208/; classtype:trojan-activity;sid:84566308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.57.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703207/; classtype:trojan-activity;sid:84566307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.113.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703203/; classtype:trojan-activity;sid:84566303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703204/; classtype:trojan-activity;sid:84566304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703205/; classtype:trojan-activity;sid:84566305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.125.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703206/; classtype:trojan-activity;sid:84566306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703202)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.177.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703202/; classtype:trojan-activity;sid:84566302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703201)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.177.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703201/; classtype:trojan-activity;sid:84566301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.203.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703195/; classtype:trojan-activity;sid:84566295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.194.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703196/; classtype:trojan-activity;sid:84566296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703197/; classtype:trojan-activity;sid:84566297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.40.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703198/; classtype:trojan-activity;sid:84566298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703199/; classtype:trojan-activity;sid:84566299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.197.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703200/; classtype:trojan-activity;sid:84566300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703194)"; flow:established,from_client; content:"GET"; http_method; content:"/rjggrjjt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"loom.acidwrench.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703194/; classtype:trojan-activity;sid:84566294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703193)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.202.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703193/; classtype:trojan-activity;sid:84566293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703192)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/yo7t8g9.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703192/; classtype:trojan-activity;sid:84566292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.125.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703189/; classtype:trojan-activity;sid:84566289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.203.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703190/; classtype:trojan-activity;sid:84566290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.159.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703191/; classtype:trojan-activity;sid:84566291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703188)"; flow:established,from_client; content:"GET"; http_method; content:"/eginm4.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gi09mn3d.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703188/; classtype:trojan-activity;sid:84566288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703187)"; flow:established,from_client; content:"GET"; http_method; content:"/l04hr3l6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"n7y.drift-meadow.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703187/; classtype:trojan-activity;sid:84566287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703185)"; flow:established,from_client; content:"GET"; http_method; content:"/fmeo.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tpauser9be.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703185/; classtype:trojan-activity;sid:84566285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703186)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/s8h9o25.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703186/; classtype:trojan-activity;sid:84566286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.14.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703184/; classtype:trojan-activity;sid:84566284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703182)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.88.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703182/; classtype:trojan-activity;sid:84566282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703183)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.88.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703183/; classtype:trojan-activity;sid:84566283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703181)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703181/; classtype:trojan-activity;sid:84566281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703180)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703180/; classtype:trojan-activity;sid:84566280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703179)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.125.134.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703179/; classtype:trojan-activity;sid:84566279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703177)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.55.3.72"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703177/; classtype:trojan-activity;sid:84566277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703178)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703178/; classtype:trojan-activity;sid:84566278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703176)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703176/; classtype:trojan-activity;sid:84566276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703175)"; flow:established,from_client; content:"GET"; http_method; content:"/prodimg/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703175/; classtype:trojan-activity;sid:84566275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703174)"; flow:established,from_client; content:"GET"; http_method; content:"/application%20files/lockerno_1_0_0_11/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703174/; classtype:trojan-activity;sid:84566274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703171)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703171/; classtype:trojan-activity;sid:84566271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703172)"; flow:established,from_client; content:"GET"; http_method; content:"/docimg/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703172/; classtype:trojan-activity;sid:84566272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703173)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.211.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703173/; classtype:trojan-activity;sid:84566273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.253.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703170/; classtype:trojan-activity;sid:84566270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703168)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.177.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703168/; classtype:trojan-activity;sid:84566268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703169)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.177.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703169/; classtype:trojan-activity;sid:84566269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703166)"; flow:established,from_client; content:"GET"; http_method; content:"/prodimg/exportimages_42425_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703166/; classtype:trojan-activity;sid:84566266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703167)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703167/; classtype:trojan-activity;sid:84566267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703163)"; flow:established,from_client; content:"GET"; http_method; content:"/prodimg/exportimages_42425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703163/; classtype:trojan-activity;sid:84566263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703164)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703164/; classtype:trojan-activity;sid:84566264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703165)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703165/; classtype:trojan-activity;sid:84566265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703162)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.211.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703162/; classtype:trojan-activity;sid:84566262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703161)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703161/; classtype:trojan-activity;sid:84566261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.235.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703160/; classtype:trojan-activity;sid:84566260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703159/; classtype:trojan-activity;sid:84566259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.113.53.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703158/; classtype:trojan-activity;sid:84566258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.51.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703157/; classtype:trojan-activity;sid:84566257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.87.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703156/; classtype:trojan-activity;sid:84566256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.90.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703155/; classtype:trojan-activity;sid:84566255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703154/; classtype:trojan-activity;sid:84566254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.113.53.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703153/; classtype:trojan-activity;sid:84566253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.236.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703152/; classtype:trojan-activity;sid:84566252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.170.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703151/; classtype:trojan-activity;sid:84566251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703150)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7516825766/tmc5qbu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703150/; classtype:trojan-activity;sid:84566250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.87.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703149/; classtype:trojan-activity;sid:84566249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.3.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703148/; classtype:trojan-activity;sid:84566248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703147)"; flow:established,from_client; content:"GET"; http_method; content:"/gl1m3fb9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r4t.storm-ripple.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703147/; classtype:trojan-activity;sid:84566247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.236.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703146/; classtype:trojan-activity;sid:84566246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703145/; classtype:trojan-activity;sid:84566245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.215.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703144/; classtype:trojan-activity;sid:84566244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.51.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703143/; classtype:trojan-activity;sid:84566243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.68.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703142/; classtype:trojan-activity;sid:84566242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.124.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703141/; classtype:trojan-activity;sid:84566241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703140/; classtype:trojan-activity;sid:84566240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.118.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703139/; classtype:trojan-activity;sid:84566239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.215.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703138/; classtype:trojan-activity;sid:84566238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.124.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703137/; classtype:trojan-activity;sid:84566237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703136)"; flow:established,from_client; content:"GET"; http_method; content:"/i86t4lfl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s9p.driftmeadow.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703136/; classtype:trojan-activity;sid:84566236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.117.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703134/; classtype:trojan-activity;sid:84566234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.206.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703135/; classtype:trojan-activity;sid:84566235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.117.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703133/; classtype:trojan-activity;sid:84566233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.131.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703132/; classtype:trojan-activity;sid:84566232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.118.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703131/; classtype:trojan-activity;sid:84566231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703130)"; flow:established,from_client; content:"GET"; http_method; content:"/e0quvjqe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"meadow.driftmeadow.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703130/; classtype:trojan-activity;sid:84566230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.106.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703129/; classtype:trojan-activity;sid:84566229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.5.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703128/; classtype:trojan-activity;sid:84566228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.254.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703127/; classtype:trojan-activity;sid:84566227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703126)"; flow:established,from_client; content:"GET"; http_method; content:"/se84x7wr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"l0v.driftmeadow.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703126/; classtype:trojan-activity;sid:84566226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703125/; classtype:trojan-activity;sid:84566225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.131.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703124/; classtype:trojan-activity;sid:84566224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.215.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703123/; classtype:trojan-activity;sid:84566223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703121)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703121/; classtype:trojan-activity;sid:84566221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703122)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703122/; classtype:trojan-activity;sid:84566222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703120)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703120/; classtype:trojan-activity;sid:84566220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703119/; classtype:trojan-activity;sid:84566219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.9.247"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703118/; classtype:trojan-activity;sid:84566218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703117/; classtype:trojan-activity;sid:84566217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703116/; classtype:trojan-activity;sid:84566216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703115)"; flow:established,from_client; content:"GET"; http_method; content:"/mm83pctg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h7x.glimmerstone.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703115/; classtype:trojan-activity;sid:84566215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703113/; classtype:trojan-activity;sid:84566213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703114/; classtype:trojan-activity;sid:84566214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.106.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703112/; classtype:trojan-activity;sid:84566212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703111/; classtype:trojan-activity;sid:84566211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.131.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703110/; classtype:trojan-activity;sid:84566210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.207.55.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703109/; classtype:trojan-activity;sid:84566209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.55.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703108/; classtype:trojan-activity;sid:84566208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703107)"; flow:established,from_client; content:"GET"; http_method; content:"/mw6y87fw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spark.glimmerstone.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703107/; classtype:trojan-activity;sid:84566207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.216.220.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703106/; classtype:trojan-activity;sid:84566206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.241.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703105/; classtype:trojan-activity;sid:84566205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703104/; classtype:trojan-activity;sid:84566204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.20.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703103/; classtype:trojan-activity;sid:84566203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703102)"; flow:established,from_client; content:"GET"; http_method; content:"/dsc6949t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g4v.glimmerstone.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703102/; classtype:trojan-activity;sid:84566202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.240.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703101/; classtype:trojan-activity;sid:84566201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.248.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703100/; classtype:trojan-activity;sid:84566200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.47.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703099/; classtype:trojan-activity;sid:84566199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703098)"; flow:established,from_client; content:"GET"; http_method; content:"/9fb7lx13"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dawn.emberfrontier.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703098/; classtype:trojan-activity;sid:84566198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.139.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703097/; classtype:trojan-activity;sid:84566197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703096)"; flow:established,from_client; content:"GET"; http_method; content:"/vzxyq571"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f8t.emberfrontier.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703096/; classtype:trojan-activity;sid:84566196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.216.220.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703095/; classtype:trojan-activity;sid:84566195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703094/; classtype:trojan-activity;sid:84566194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703093/; classtype:trojan-activity;sid:84566193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.23.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703092/; classtype:trojan-activity;sid:84566192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.106.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703091/; classtype:trojan-activity;sid:84566191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703090)"; flow:established,from_client; content:"GET"; http_method; content:"/vrbq3bas"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q1r.emberfrontier.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703090/; classtype:trojan-activity;sid:84566190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.47.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703089/; classtype:trojan-activity;sid:84566189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.87.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703088/; classtype:trojan-activity;sid:84566188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.240.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703087/; classtype:trojan-activity;sid:84566187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.139.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703086/; classtype:trojan-activity;sid:84566186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703085)"; flow:established,from_client; content:"GET"; http_method; content:"/45yx5a0h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h2p.rivermote.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703085/; classtype:trojan-activity;sid:84566185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.209.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703084/; classtype:trojan-activity;sid:84566184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.68.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703083/; classtype:trojan-activity;sid:84566183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.87.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703082/; classtype:trojan-activity;sid:84566182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.23.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703081/; classtype:trojan-activity;sid:84566181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703080)"; flow:established,from_client; content:"GET"; http_method; content:"/qvs5fvmk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z8n2.st0nesurge.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703080/; classtype:trojan-activity;sid:84566180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.34.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703079/; classtype:trojan-activity;sid:84566179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.197.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703077/; classtype:trojan-activity;sid:84566177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703078/; classtype:trojan-activity;sid:84566178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703076)"; flow:established,from_client; content:"GET"; http_method; content:"/i3tdmasx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m5k.st0nesurge.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703076/; classtype:trojan-activity;sid:84566176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.89.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703075/; classtype:trojan-activity;sid:84566175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.24.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703074/; classtype:trojan-activity;sid:84566174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703072/; classtype:trojan-activity;sid:84566172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703073/; classtype:trojan-activity;sid:84566173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.34.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703071/; classtype:trojan-activity;sid:84566171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703070/; classtype:trojan-activity;sid:84566170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.89.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703069/; classtype:trojan-activity;sid:84566169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703067/; classtype:trojan-activity;sid:84566167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703068/; classtype:trojan-activity;sid:84566168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703066/; classtype:trojan-activity;sid:84566166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703065/; classtype:trojan-activity;sid:84566165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.193.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703064/; classtype:trojan-activity;sid:84566164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703063)"; flow:established,from_client; content:"GET"; http_method; content:"/q6ng91as"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"v3n2.opal-hollow.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703063/; classtype:trojan-activity;sid:84566163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703062/; classtype:trojan-activity;sid:84566162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.228.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703061/; classtype:trojan-activity;sid:84566161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703060)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1738668553/0cvm53z.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703060/; classtype:trojan-activity;sid:84566160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703059)"; flow:established,from_client; content:"GET"; http_method; content:"/z4xq3k1i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g8f.opal-hollow.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703059/; classtype:trojan-activity;sid:84566159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.97.180.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703058/; classtype:trojan-activity;sid:84566158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.254.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703057/; classtype:trojan-activity;sid:84566157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.246.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703056/; classtype:trojan-activity;sid:84566156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.12.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703055/; classtype:trojan-activity;sid:84566155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703054/; classtype:trojan-activity;sid:84566154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.65.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703053/; classtype:trojan-activity;sid:84566153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.227.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703052/; classtype:trojan-activity;sid:84566152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.193.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703051/; classtype:trojan-activity;sid:84566151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.129.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703050/; classtype:trojan-activity;sid:84566150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.204.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703049/; classtype:trojan-activity;sid:84566149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703048)"; flow:established,from_client; content:"GET"; http_method; content:"/fbkl01ei"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sun.drift-bay.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703048/; classtype:trojan-activity;sid:84566148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703047)"; flow:established,from_client; content:"GET"; http_method; content:"/e893jt.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39gnmg493.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703047/; classtype:trojan-activity;sid:84566147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.90.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703045/; classtype:trojan-activity;sid:84566145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.97.180.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703046/; classtype:trojan-activity;sid:84566146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703044)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.192.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703044/; classtype:trojan-activity;sid:84566144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703043)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.37.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703043/; classtype:trojan-activity;sid:84566143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703042)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703042/; classtype:trojan-activity;sid:84566142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703041)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.193.69.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703041/; classtype:trojan-activity;sid:84566141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.65.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703040/; classtype:trojan-activity;sid:84566140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.178.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703039/; classtype:trojan-activity;sid:84566139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.227.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703038/; classtype:trojan-activity;sid:84566138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703037)"; flow:established,from_client; content:"GET"; http_method; content:"/bcvv.wav"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.243.18.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703037/; classtype:trojan-activity;sid:84566137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.204.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703036/; classtype:trojan-activity;sid:84566136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703035)"; flow:established,from_client; content:"GET"; http_method; content:"/rosl1011"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fh.zap-kinetic.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703035/; classtype:trojan-activity;sid:84566135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.180.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703033/; classtype:trojan-activity;sid:84566133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.143.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703034/; classtype:trojan-activity;sid:84566134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703032)"; flow:established,from_client; content:"GET"; http_method; content:"/riddlhos"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iqht.zap-kinetic.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703032/; classtype:trojan-activity;sid:84566132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.192.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703031/; classtype:trojan-activity;sid:84566131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703030/; classtype:trojan-activity;sid:84566130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703029/; classtype:trojan-activity;sid:84566129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.3.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703028/; classtype:trojan-activity;sid:84566128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.243.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703027/; classtype:trojan-activity;sid:84566127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.59.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703026/; classtype:trojan-activity;sid:84566126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.70.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703025/; classtype:trojan-activity;sid:84566125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703023)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/av.scr"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703023/; classtype:trojan-activity;sid:84566123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703024)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703024/; classtype:trojan-activity;sid:84566124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703022)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703022/; classtype:trojan-activity;sid:84566122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703021)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703021/; classtype:trojan-activity;sid:84566121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703018)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/03/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703018/; classtype:trojan-activity;sid:84566118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703019)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703019/; classtype:trojan-activity;sid:84566119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703020)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703020/; classtype:trojan-activity;sid:84566120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703013)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703013/; classtype:trojan-activity;sid:84566113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703014)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703014/; classtype:trojan-activity;sid:84566114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703015)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703015/; classtype:trojan-activity;sid:84566115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703016)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703016/; classtype:trojan-activity;sid:84566116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703017)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/photo.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703017/; classtype:trojan-activity;sid:84566117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.178.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703012/; classtype:trojan-activity;sid:84566112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703011)"; flow:established,from_client; content:"GET"; http_method; content:"/curl/79fbe2e4cccedda99204eeeeab1f4cb93ff81c1d08f2f28dfb1db80c187e1d43"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"nordmest.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703011/; classtype:trojan-activity;sid:84566111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703009)"; flow:established,from_client; content:"GET"; http_method; content:"/efm3.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gmg94g93m.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703009/; classtype:trojan-activity;sid:84566109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703010)"; flow:established,from_client; content:"GET"; http_method; content:"/439gm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rig31ebc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703010/; classtype:trojan-activity;sid:84566110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.235.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703008/; classtype:trojan-activity;sid:84566108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703007/; classtype:trojan-activity;sid:84566107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703005/; classtype:trojan-activity;sid:84566105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.59.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703006/; classtype:trojan-activity;sid:84566106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.143.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703004/; classtype:trojan-activity;sid:84566104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703003)"; flow:established,from_client; content:"GET"; http_method; content:"/ir8928e5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y3a81.gyrodesk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703003/; classtype:trojan-activity;sid:84566103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703002)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703002/; classtype:trojan-activity;sid:84566102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.179.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703001/; classtype:trojan-activity;sid:84566101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703000)"; flow:established,from_client; content:"GET"; http_method; content:"/ee28hr6x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"core.gyrodesk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703000/; classtype:trojan-activity;sid:84566100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.80.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702999/; classtype:trojan-activity;sid:84566099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702998/; classtype:trojan-activity;sid:84566098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702997/; classtype:trojan-activity;sid:84566097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702992)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm5"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702992/; classtype:trojan-activity;sid:84566092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702993)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.x86_64"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702993/; classtype:trojan-activity;sid:84566093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702994)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.x86"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702994/; classtype:trojan-activity;sid:84566094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702995)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702995/; classtype:trojan-activity;sid:84566095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702996)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702996/; classtype:trojan-activity;sid:84566096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702983)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.i686"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702983/; classtype:trojan-activity;sid:84566083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702984)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm6"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702984/; classtype:trojan-activity;sid:84566084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702985)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702985/; classtype:trojan-activity;sid:84566085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702986)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.spc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702986/; classtype:trojan-activity;sid:84566086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702987)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.m68k"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702987/; classtype:trojan-activity;sid:84566087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702988)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.sh4"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702988/; classtype:trojan-activity;sid:84566088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702989)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm7"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702989/; classtype:trojan-activity;sid:84566089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702990)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702990/; classtype:trojan-activity;sid:84566090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702991)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702991/; classtype:trojan-activity;sid:84566091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702982/; classtype:trojan-activity;sid:84566082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702981)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.i468"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"load.windy.wtf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702981/; classtype:trojan-activity;sid:84566081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702980)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702980/; classtype:trojan-activity;sid:84566080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702979)"; flow:established,from_client; content:"GET"; http_method; content:"/aeytwjeu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r54v.qu1rkfuse.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702979/; classtype:trojan-activity;sid:84566079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702978)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702978/; classtype:trojan-activity;sid:84566078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.187.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702977/; classtype:trojan-activity;sid:84566077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702976)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.130.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702976/; classtype:trojan-activity;sid:84566076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.187.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702975/; classtype:trojan-activity;sid:84566075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702974)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702974/; classtype:trojan-activity;sid:84566074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702973)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702973/; classtype:trojan-activity;sid:84566073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702972)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.140.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702972/; classtype:trojan-activity;sid:84566072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702970)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.140.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702970/; classtype:trojan-activity;sid:84566070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702971/; classtype:trojan-activity;sid:84566071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702969)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702969/; classtype:trojan-activity;sid:84566069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702968)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702968/; classtype:trojan-activity;sid:84566068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702966)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.130.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702966/; classtype:trojan-activity;sid:84566066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702967/; classtype:trojan-activity;sid:84566067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702962)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702962/; classtype:trojan-activity;sid:84566062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702963)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702963/; classtype:trojan-activity;sid:84566063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702964)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702964/; classtype:trojan-activity;sid:84566064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702965)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702965/; classtype:trojan-activity;sid:84566065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702961)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.66.121.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702961/; classtype:trojan-activity;sid:84566061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702960)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702960/; classtype:trojan-activity;sid:84566060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702959)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702959/; classtype:trojan-activity;sid:84566059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702958/; classtype:trojan-activity;sid:84566058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702957)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.202.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702957/; classtype:trojan-activity;sid:84566057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702956)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702956/; classtype:trojan-activity;sid:84566056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702954)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702954/; classtype:trojan-activity;sid:84566054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702955)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702955/; classtype:trojan-activity;sid:84566055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702953)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702953/; classtype:trojan-activity;sid:84566053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702951)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702951/; classtype:trojan-activity;sid:84566051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702952)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/apk/app.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"starlink-br.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702952/; classtype:trojan-activity;sid:84566052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702950)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702950/; classtype:trojan-activity;sid:84566050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702949)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.66.121.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702949/; classtype:trojan-activity;sid:84566049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702944)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702944/; classtype:trojan-activity;sid:84566044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702945)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702945/; classtype:trojan-activity;sid:84566045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702946)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702946/; classtype:trojan-activity;sid:84566046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702947)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.20.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702947/; classtype:trojan-activity;sid:84566047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702948)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.20.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702948/; classtype:trojan-activity;sid:84566048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702942)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702942/; classtype:trojan-activity;sid:84566042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702943)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.110.187.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702943/; classtype:trojan-activity;sid:84566043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702937/; classtype:trojan-activity;sid:84566037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702938)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.240.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702938/; classtype:trojan-activity;sid:84566038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702939)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702939/; classtype:trojan-activity;sid:84566039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702940)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.174.56.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702940/; classtype:trojan-activity;sid:84566040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702941)"; flow:established,from_client; content:"GET"; http_method; content:"/tv-garden_ver_12.03.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tv-garden-new5.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702941/; classtype:trojan-activity;sid:84566041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702936)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.240.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702936/; classtype:trojan-activity;sid:84566036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702935)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.239.181.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702935/; classtype:trojan-activity;sid:84566035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702932)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.240.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702932/; classtype:trojan-activity;sid:84566032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702933)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.66.121.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702933/; classtype:trojan-activity;sid:84566033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702934)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.240.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702934/; classtype:trojan-activity;sid:84566034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702927)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702927/; classtype:trojan-activity;sid:84566027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702928)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.66.121.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702928/; classtype:trojan-activity;sid:84566028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702929)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.66.121.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702929/; classtype:trojan-activity;sid:84566029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702930)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.66.121.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702930/; classtype:trojan-activity;sid:84566030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702931)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.240.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702931/; classtype:trojan-activity;sid:84566031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702926)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702926/; classtype:trojan-activity;sid:84566026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702925)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702925/; classtype:trojan-activity;sid:84566025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702924)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sdgsfdsefrbg.sbs"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702924/; classtype:trojan-activity;sid:84566024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702922)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702922/; classtype:trojan-activity;sid:84566022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702923/; classtype:trojan-activity;sid:84566023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702921)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/slot798.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cameraaction.site"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702921/; classtype:trojan-activity;sid:84566021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702915)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/starjoker88.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"starjoker88wing.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702915/; classtype:trojan-activity;sid:84566015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702916)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"goolges-tikitok.sbs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702916/; classtype:trojan-activity;sid:84566016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702917)"; flow:established,from_client; content:"GET"; http_method; content:"/bbwc/exewcsetup-1.0.0.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"d1z0mfyqx7ypd2.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702917/; classtype:trojan-activity;sid:84566017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702918)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/gerbangslot777.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"rtpvip.site"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702918/; classtype:trojan-activity;sid:84566018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702919)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702919/; classtype:trojan-activity;sid:84566019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.186.236.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702920/; classtype:trojan-activity;sid:84566020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702914)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702914/; classtype:trojan-activity;sid:84566014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702907)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702907/; classtype:trojan-activity;sid:84566007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702908)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702908/; classtype:trojan-activity;sid:84566008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702909)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702909/; classtype:trojan-activity;sid:84566009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702910)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702910/; classtype:trojan-activity;sid:84566010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702911)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702911/; classtype:trojan-activity;sid:84566011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702912/; classtype:trojan-activity;sid:84566012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702913)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702913/; classtype:trojan-activity;sid:84566013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702905)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702905/; classtype:trojan-activity;sid:84566005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702906)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702906/; classtype:trojan-activity;sid:84566006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702904/; classtype:trojan-activity;sid:84566004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702902)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702902/; classtype:trojan-activity;sid:84566002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702903)"; flow:established,from_client; content:"GET"; http_method; content:"/tv-garden_ver_12.03.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tv-garden-new1.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702903/; classtype:trojan-activity;sid:84566003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702901)"; flow:established,from_client; content:"GET"; http_method; content:"/3389.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46603.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702901/; classtype:trojan-activity;sid:84566001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702900)"; flow:established,from_client; content:"GET"; http_method; content:"/api/microsoft/update/ff4f4b5dabe53a.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702900/; classtype:trojan-activity;sid:84566000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702895)"; flow:established,from_client; content:"GET"; http_method; content:"/439gm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rig31ebm.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702895/; classtype:trojan-activity;sid:84565995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702896)"; flow:established,from_client; content:"GET"; http_method; content:"/439gm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rigm1egm.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702896/; classtype:trojan-activity;sid:84565996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702897)"; flow:established,from_client; content:"GET"; http_method; content:"/files/987381849/tfdwnlq.msi"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702897/; classtype:trojan-activity;sid:84565997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702898)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/xjlnfcv.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702898/; classtype:trojan-activity;sid:84565998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702899)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1750395237/qazkpvr.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702899/; classtype:trojan-activity;sid:84565999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.62.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702894/; classtype:trojan-activity;sid:84565994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.110.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702893/; classtype:trojan-activity;sid:84565993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.91.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702892/; classtype:trojan-activity;sid:84565992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.179.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702890/; classtype:trojan-activity;sid:84565990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702891/; classtype:trojan-activity;sid:84565991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.173.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702889/; classtype:trojan-activity;sid:84565989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702888)"; flow:established,from_client; content:"GET"; http_method; content:"/t9wwqrun"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"137z.qu1rkfuse.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702888/; classtype:trojan-activity;sid:84565988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702887/; classtype:trojan-activity;sid:84565987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.120.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702886/; classtype:trojan-activity;sid:84565986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702885)"; flow:established,from_client; content:"GET"; http_method; content:"/j96gus1i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"blink.v1b3forge.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702885/; classtype:trojan-activity;sid:84565985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.174.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702884/; classtype:trojan-activity;sid:84565984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.198.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702883/; classtype:trojan-activity;sid:84565983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.198.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702882/; classtype:trojan-activity;sid:84565982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702881)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702881/; classtype:trojan-activity;sid:84565981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.100.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702880/; classtype:trojan-activity;sid:84565980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.66.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702879/; classtype:trojan-activity;sid:84565979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.203.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702878/; classtype:trojan-activity;sid:84565978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.120.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702877/; classtype:trojan-activity;sid:84565977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.57.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702876/; classtype:trojan-activity;sid:84565976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.33.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702875/; classtype:trojan-activity;sid:84565975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702874)"; flow:established,from_client; content:"GET"; http_method; content:"/oyam6dfe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vbq6.v1b3forge.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702874/; classtype:trojan-activity;sid:84565974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702873)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5159081591/eisiif4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702873/; classtype:trojan-activity;sid:84565973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.198.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702872/; classtype:trojan-activity;sid:84565972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702871)"; flow:established,from_client; content:"GET"; http_method; content:"/8xcdoa4h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f9r.v0rt3xlab.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702871/; classtype:trojan-activity;sid:84565971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.6.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702870/; classtype:trojan-activity;sid:84565970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.61.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702869/; classtype:trojan-activity;sid:84565969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702866/; classtype:trojan-activity;sid:84565966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.146.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702867/; classtype:trojan-activity;sid:84565967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.146.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702868/; classtype:trojan-activity;sid:84565968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.96.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702861/; classtype:trojan-activity;sid:84565961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.110.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702862/; classtype:trojan-activity;sid:84565962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702863/; classtype:trojan-activity;sid:84565963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.174.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702864/; classtype:trojan-activity;sid:84565964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.134.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702865/; classtype:trojan-activity;sid:84565965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.192.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702860/; classtype:trojan-activity;sid:84565960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.13.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702859/; classtype:trojan-activity;sid:84565959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.183.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702856/; classtype:trojan-activity;sid:84565956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.12.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702857/; classtype:trojan-activity;sid:84565957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.155.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702858/; classtype:trojan-activity;sid:84565958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.212.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702854/; classtype:trojan-activity;sid:84565954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.206.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702855/; classtype:trojan-activity;sid:84565955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702853/; classtype:trojan-activity;sid:84565953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.57.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702852/; classtype:trojan-activity;sid:84565952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.180.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702850/; classtype:trojan-activity;sid:84565950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702851/; classtype:trojan-activity;sid:84565951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.133.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702849/; classtype:trojan-activity;sid:84565949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.46.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702848/; classtype:trojan-activity;sid:84565948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.243.12.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702847/; classtype:trojan-activity;sid:84565947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702846)"; flow:established,from_client; content:"GET"; http_method; content:"/opn9alvc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2n6w.v0rt3xlab.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702846/; classtype:trojan-activity;sid:84565946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.168.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702845/; classtype:trojan-activity;sid:84565945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.40.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702844/; classtype:trojan-activity;sid:84565944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702843)"; flow:established,from_client; content:"GET"; http_method; content:"/gemamj1p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4ym.gyro-desk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702843/; classtype:trojan-activity;sid:84565943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.163.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702842/; classtype:trojan-activity;sid:84565942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.20.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702841/; classtype:trojan-activity;sid:84565941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.18.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702840/; classtype:trojan-activity;sid:84565940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.176.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702839/; classtype:trojan-activity;sid:84565939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702838)"; flow:established,from_client; content:"GET"; http_method; content:"/9ne258up"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ignite.gyro-desk.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702838/; classtype:trojan-activity;sid:84565938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.243.12.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702837/; classtype:trojan-activity;sid:84565937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.212.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702836/; classtype:trojan-activity;sid:84565936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.150.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702835/; classtype:trojan-activity;sid:84565935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.20.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702834/; classtype:trojan-activity;sid:84565934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.40.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702833/; classtype:trojan-activity;sid:84565933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.157.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702832/; classtype:trojan-activity;sid:84565932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.150.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702830/; classtype:trojan-activity;sid:84565930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.223.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702831/; classtype:trojan-activity;sid:84565931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.18.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702829/; classtype:trojan-activity;sid:84565929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.176.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702828/; classtype:trojan-activity;sid:84565928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702827)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/hpxwspq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702827/; classtype:trojan-activity;sid:84565927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.82.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702826/; classtype:trojan-activity;sid:84565926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702825/; classtype:trojan-activity;sid:84565925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.61.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702824/; classtype:trojan-activity;sid:84565924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702823)"; flow:established,from_client; content:"GET"; http_method; content:"/7r1ih44k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zs.b1tcrush.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702823/; classtype:trojan-activity;sid:84565923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702822/; classtype:trojan-activity;sid:84565922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.157.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702821/; classtype:trojan-activity;sid:84565921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702820/; classtype:trojan-activity;sid:84565920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.4.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702819/; classtype:trojan-activity;sid:84565919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.4.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702818/; classtype:trojan-activity;sid:84565918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.62.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702817/; classtype:trojan-activity;sid:84565917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.62.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702816/; classtype:trojan-activity;sid:84565916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702815)"; flow:established,from_client; content:"GET"; http_method; content:"/ecbpycw9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wkck4.b1tcrush.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702815/; classtype:trojan-activity;sid:84565915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702814)"; flow:established,from_client; content:"GET"; http_method; content:"/8gczr7k4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6h7s.proxyjet.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702814/; classtype:trojan-activity;sid:84565914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.4.160"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702813/; classtype:trojan-activity;sid:84565913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.121.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702812/; classtype:trojan-activity;sid:84565912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702811/; classtype:trojan-activity;sid:84565911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.63.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702810/; classtype:trojan-activity;sid:84565910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.4.160"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702809/; classtype:trojan-activity;sid:84565909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.85.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702808/; classtype:trojan-activity;sid:84565908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.176.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702807/; classtype:trojan-activity;sid:84565907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.13.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702806/; classtype:trojan-activity;sid:84565906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.100.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702805/; classtype:trojan-activity;sid:84565905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.246.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702804/; classtype:trojan-activity;sid:84565904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.15.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702803/; classtype:trojan-activity;sid:84565903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702802)"; flow:established,from_client; content:"GET"; http_method; content:"/q9qs2ozp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5nyo.zap-kinetic.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702802/; classtype:trojan-activity;sid:84565902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.146.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702801/; classtype:trojan-activity;sid:84565901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.153.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702800/; classtype:trojan-activity;sid:84565900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702799/; classtype:trojan-activity;sid:84565899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702797/; classtype:trojan-activity;sid:84565897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.200.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702798/; classtype:trojan-activity;sid:84565898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702796/; classtype:trojan-activity;sid:84565896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702795/; classtype:trojan-activity;sid:84565895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.146.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702794/; classtype:trojan-activity;sid:84565894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702793/; classtype:trojan-activity;sid:84565893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.3.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702792/; classtype:trojan-activity;sid:84565892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702791/; classtype:trojan-activity;sid:84565891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.153.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702790/; classtype:trojan-activity;sid:84565890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.63.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702789/; classtype:trojan-activity;sid:84565889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702788/; classtype:trojan-activity;sid:84565888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.239.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702787/; classtype:trojan-activity;sid:84565887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.60.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702786/; classtype:trojan-activity;sid:84565886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702785/; classtype:trojan-activity;sid:84565885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.48.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702784/; classtype:trojan-activity;sid:84565884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702783)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/zibamzm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702783/; classtype:trojan-activity;sid:84565883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702782/; classtype:trojan-activity;sid:84565882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.246.41.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702781/; classtype:trojan-activity;sid:84565881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702780)"; flow:established,from_client; content:"GET"; http_method; content:"/jj2uxofm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mn.deltasync.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702780/; classtype:trojan-activity;sid:84565880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702779/; classtype:trojan-activity;sid:84565879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.213.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702778/; classtype:trojan-activity;sid:84565878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.48.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702777/; classtype:trojan-activity;sid:84565877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702776/; classtype:trojan-activity;sid:84565876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702775/; classtype:trojan-activity;sid:84565875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.226.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702774/; classtype:trojan-activity;sid:84565874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.62.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702773/; classtype:trojan-activity;sid:84565873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702770/; classtype:trojan-activity;sid:84565870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.121.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702771/; classtype:trojan-activity;sid:84565871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.15.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702772/; classtype:trojan-activity;sid:84565872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.213.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702769/; classtype:trojan-activity;sid:84565869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702768)"; flow:established,from_client; content:"GET"; http_method; content:"/p4h54t1y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p6b.plum-wav-ru.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702768/; classtype:trojan-activity;sid:84565868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.158.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702767/; classtype:trojan-activity;sid:84565867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.181.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702766/; classtype:trojan-activity;sid:84565866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702765/; classtype:trojan-activity;sid:84565865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702764)"; flow:established,from_client; content:"GET"; http_method; content:"/ds5s5rd0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vector.zapkinetic.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702764/; classtype:trojan-activity;sid:84565864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.35.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702763/; classtype:trojan-activity;sid:84565863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702762/; classtype:trojan-activity;sid:84565862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702761/; classtype:trojan-activity;sid:84565861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.187.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702759/; classtype:trojan-activity;sid:84565859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.230.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702760/; classtype:trojan-activity;sid:84565860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702758)"; flow:established,from_client; content:"GET"; http_method; content:"/rs6pylyf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"drift.brambleholt.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702758/; classtype:trojan-activity;sid:84565858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.145.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702757/; classtype:trojan-activity;sid:84565857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.181.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702756/; classtype:trojan-activity;sid:84565856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.33.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702755/; classtype:trojan-activity;sid:84565855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702754)"; flow:established,from_client; content:"GET"; http_method; content:"/wokdqybu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ircq.brambleholt.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702754/; classtype:trojan-activity;sid:84565854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.15.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702753/; classtype:trojan-activity;sid:84565853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.224.85.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702752/; classtype:trojan-activity;sid:84565852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.224.85.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702751/; classtype:trojan-activity;sid:84565851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.229.34.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702750/; classtype:trojan-activity;sid:84565850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.4.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702747/; classtype:trojan-activity;sid:84565847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.233.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702748/; classtype:trojan-activity;sid:84565848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702749/; classtype:trojan-activity;sid:84565849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702746)"; flow:established,from_client; content:"GET"; http_method; content:"/dersnotlari/02/sora.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.notbak.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702746/; classtype:trojan-activity;sid:84565846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.224.85.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702745/; classtype:trojan-activity;sid:84565845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.242.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702744/; classtype:trojan-activity;sid:84565844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.61.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702741/; classtype:trojan-activity;sid:84565841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702742/; classtype:trojan-activity;sid:84565842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.10.90.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702743/; classtype:trojan-activity;sid:84565843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702740/; classtype:trojan-activity;sid:84565840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.43.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702739/; classtype:trojan-activity;sid:84565839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702738/; classtype:trojan-activity;sid:84565838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.47.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702737/; classtype:trojan-activity;sid:84565837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702736/; classtype:trojan-activity;sid:84565836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.83.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702735/; classtype:trojan-activity;sid:84565835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.145.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702734/; classtype:trojan-activity;sid:84565834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702733/; classtype:trojan-activity;sid:84565833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.184.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702732/; classtype:trojan-activity;sid:84565832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.80.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702730/; classtype:trojan-activity;sid:84565830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.9.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702731/; classtype:trojan-activity;sid:84565831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.47.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702729/; classtype:trojan-activity;sid:84565829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.234.246.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702728/; classtype:trojan-activity;sid:84565828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.83.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702727/; classtype:trojan-activity;sid:84565827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.135.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702726/; classtype:trojan-activity;sid:84565826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.80.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702725/; classtype:trojan-activity;sid:84565825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.156.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702724/; classtype:trojan-activity;sid:84565824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.146.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702723/; classtype:trojan-activity;sid:84565823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702722)"; flow:established,from_client; content:"GET"; http_method; content:"/45h4k8ov"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"brook.ember-glade.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702722/; classtype:trojan-activity;sid:84565822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.43.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702721/; classtype:trojan-activity;sid:84565821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.156.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702720/; classtype:trojan-activity;sid:84565820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.135.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702719/; classtype:trojan-activity;sid:84565819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.85.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702718/; classtype:trojan-activity;sid:84565818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702717)"; flow:established,from_client; content:"GET"; http_method; content:"/axr91gs3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qpn.ember-glade.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702717/; classtype:trojan-activity;sid:84565817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702716/; classtype:trojan-activity;sid:84565816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.129.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702715/; classtype:trojan-activity;sid:84565815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.134.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702713/; classtype:trojan-activity;sid:84565813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.250.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702714/; classtype:trojan-activity;sid:84565814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702712)"; flow:established,from_client; content:"GET"; http_method; content:"/iq9ns7gn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dfh.g0ldenspire.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702712/; classtype:trojan-activity;sid:84565812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702711)"; flow:established,from_client; content:"GET"; http_method; content:"/h1jv3v5h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lhf.g0ldenspire.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702711/; classtype:trojan-activity;sid:84565811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.81.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702710/; classtype:trojan-activity;sid:84565810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.146.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702709/; classtype:trojan-activity;sid:84565809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.209.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702707/; classtype:trojan-activity;sid:84565807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.250.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702708/; classtype:trojan-activity;sid:84565808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702706)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702706/; classtype:trojan-activity;sid:84565806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.110.181.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702705/; classtype:trojan-activity;sid:84565805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.209.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702704/; classtype:trojan-activity;sid:84565804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.180.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702703/; classtype:trojan-activity;sid:84565803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.209.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702702/; classtype:trojan-activity;sid:84565802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.133.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702701/; classtype:trojan-activity;sid:84565801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.209.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702700/; classtype:trojan-activity;sid:84565800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.110.181.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702699/; classtype:trojan-activity;sid:84565799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.218.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702698/; classtype:trojan-activity;sid:84565798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702697/; classtype:trojan-activity;sid:84565797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702696/; classtype:trojan-activity;sid:84565796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.40.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702695/; classtype:trojan-activity;sid:84565795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.218.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702694/; classtype:trojan-activity;sid:84565794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702693/; classtype:trojan-activity;sid:84565793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.184.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702692/; classtype:trojan-activity;sid:84565792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702691/; classtype:trojan-activity;sid:84565791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.105.0.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702690/; classtype:trojan-activity;sid:84565790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.211.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702689/; classtype:trojan-activity;sid:84565789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702687/; classtype:trojan-activity;sid:84565787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.53.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702688/; classtype:trojan-activity;sid:84565788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702686/; classtype:trojan-activity;sid:84565786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.97.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702685/; classtype:trojan-activity;sid:84565785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.178.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702684/; classtype:trojan-activity;sid:84565784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702683/; classtype:trojan-activity;sid:84565783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.96.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702682/; classtype:trojan-activity;sid:84565782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.49.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702681/; classtype:trojan-activity;sid:84565781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.53.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702680/; classtype:trojan-activity;sid:84565780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.72.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702679/; classtype:trojan-activity;sid:84565779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.49.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702678/; classtype:trojan-activity;sid:84565778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.178.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702676/; classtype:trojan-activity;sid:84565776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.100.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702677/; classtype:trojan-activity;sid:84565777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702675/; classtype:trojan-activity;sid:84565775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.225.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702674/; classtype:trojan-activity;sid:84565774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.66.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702673/; classtype:trojan-activity;sid:84565773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.30.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702672/; classtype:trojan-activity;sid:84565772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.225.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702671/; classtype:trojan-activity;sid:84565771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.89.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702670/; classtype:trojan-activity;sid:84565770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.108.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702669/; classtype:trojan-activity;sid:84565769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.33.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702668/; classtype:trojan-activity;sid:84565768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.150.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702667/; classtype:trojan-activity;sid:84565767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702666)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck/monkeyfucker"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.59.138.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702666/; classtype:trojan-activity;sid:84565766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.100.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702665/; classtype:trojan-activity;sid:84565765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.182.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702664/; classtype:trojan-activity;sid:84565764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.33.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702663/; classtype:trojan-activity;sid:84565763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702661)"; flow:established,from_client; content:"GET"; http_method; content:"/njasduiasgdy16742et1g2byewqdxaw/nuklear.x86"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"74.208.166.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702661/; classtype:trojan-activity;sid:84565761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702662/; classtype:trojan-activity;sid:84565762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.90.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702660/; classtype:trojan-activity;sid:84565760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702659)"; flow:established,from_client; content:"GET"; http_method; content:"/justice.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"195.170.172.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702659/; classtype:trojan-activity;sid:84565759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.90.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702658/; classtype:trojan-activity;sid:84565758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.89.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702657/; classtype:trojan-activity;sid:84565757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.239.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702656/; classtype:trojan-activity;sid:84565756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.15.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702652/; classtype:trojan-activity;sid:84565752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.164.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702653/; classtype:trojan-activity;sid:84565753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.31.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702654/; classtype:trojan-activity;sid:84565754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.150.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702655/; classtype:trojan-activity;sid:84565755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.49.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702651/; classtype:trojan-activity;sid:84565751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.30.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702647/; classtype:trojan-activity;sid:84565747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.59.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702648/; classtype:trojan-activity;sid:84565748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.255.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702649/; classtype:trojan-activity;sid:84565749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.255.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702650/; classtype:trojan-activity;sid:84565750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.82.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702644/; classtype:trojan-activity;sid:84565744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702645/; classtype:trojan-activity;sid:84565745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.209.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702646/; classtype:trojan-activity;sid:84565746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.91.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702643/; classtype:trojan-activity;sid:84565743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702642/; classtype:trojan-activity;sid:84565742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.148.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702641/; classtype:trojan-activity;sid:84565741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.140.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702640/; classtype:trojan-activity;sid:84565740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.34.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702639/; classtype:trojan-activity;sid:84565739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702638/; classtype:trojan-activity;sid:84565738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.255.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702637/; classtype:trojan-activity;sid:84565737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702636/; classtype:trojan-activity;sid:84565736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702635/; classtype:trojan-activity;sid:84565735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.148.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702633/; classtype:trojan-activity;sid:84565733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.200.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702634/; classtype:trojan-activity;sid:84565734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702632)"; flow:established,from_client; content:"GET"; http_method; content:"/pgb4losc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f5.night-bloom.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702632/; classtype:trojan-activity;sid:84565732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702631/; classtype:trojan-activity;sid:84565731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.175.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702630/; classtype:trojan-activity;sid:84565730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.255.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702629/; classtype:trojan-activity;sid:84565729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702628)"; flow:established,from_client; content:"GET"; http_method; content:"/mr1gatmx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glade.night-bloom.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702628/; classtype:trojan-activity;sid:84565728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702627/; classtype:trojan-activity;sid:84565727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.71.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702626/; classtype:trojan-activity;sid:84565726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.80.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702625/; classtype:trojan-activity;sid:84565725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702624)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/x9heezy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702624/; classtype:trojan-activity;sid:84565724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702623)"; flow:established,from_client; content:"GET"; http_method; content:"/9n75cpdd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0ti.night-bloom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702623/; classtype:trojan-activity;sid:84565723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702622/; classtype:trojan-activity;sid:84565722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.75.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702621/; classtype:trojan-activity;sid:84565721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.175.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702620/; classtype:trojan-activity;sid:84565720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.130.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702619/; classtype:trojan-activity;sid:84565719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702618/; classtype:trojan-activity;sid:84565718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702617)"; flow:established,from_client; content:"GET"; http_method; content:"/bq81zw3d"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ember.sh4d0wmere.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702617/; classtype:trojan-activity;sid:84565717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.243.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702616/; classtype:trojan-activity;sid:84565716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.39.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702615/; classtype:trojan-activity;sid:84565715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.80.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702614/; classtype:trojan-activity;sid:84565714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.62.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702613/; classtype:trojan-activity;sid:84565713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702611)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"122.226.139.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702611/; classtype:trojan-activity;sid:84565711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.29.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702612/; classtype:trojan-activity;sid:84565712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702610)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.238.57.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702610/; classtype:trojan-activity;sid:84565710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702609)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.121.182.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702609/; classtype:trojan-activity;sid:84565709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.239.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702607/; classtype:trojan-activity;sid:84565707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702608)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.152.114.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702608/; classtype:trojan-activity;sid:84565708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.130.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702606/; classtype:trojan-activity;sid:84565706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.56.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702605/; classtype:trojan-activity;sid:84565705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.218.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702604/; classtype:trojan-activity;sid:84565704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.159.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702603/; classtype:trojan-activity;sid:84565703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702602)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702602/; classtype:trojan-activity;sid:84565702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702601)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_arm64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702601/; classtype:trojan-activity;sid:84565701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702600)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_386"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702600/; classtype:trojan-activity;sid:84565700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702599)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702599/; classtype:trojan-activity;sid:84565699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.39.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702598/; classtype:trojan-activity;sid:84565698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.172.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702597/; classtype:trojan-activity;sid:84565697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702595)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702595/; classtype:trojan-activity;sid:84565695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702596)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702596/; classtype:trojan-activity;sid:84565696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702594)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702594/; classtype:trojan-activity;sid:84565694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702593)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702593/; classtype:trojan-activity;sid:84565693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702592)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702592/; classtype:trojan-activity;sid:84565692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702591)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702591/; classtype:trojan-activity;sid:84565691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702587)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702587/; classtype:trojan-activity;sid:84565687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702588)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702588/; classtype:trojan-activity;sid:84565688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702589)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702589/; classtype:trojan-activity;sid:84565689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702590)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702590/; classtype:trojan-activity;sid:84565690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.13.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702586/; classtype:trojan-activity;sid:84565686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.172.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702585/; classtype:trojan-activity;sid:84565685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702584)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702584/; classtype:trojan-activity;sid:84565684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702583)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702583/; classtype:trojan-activity;sid:84565683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702580)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702580/; classtype:trojan-activity;sid:84565680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702581)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702581/; classtype:trojan-activity;sid:84565681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702582)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702582/; classtype:trojan-activity;sid:84565682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702578)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702578/; classtype:trojan-activity;sid:84565678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702579)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702579/; classtype:trojan-activity;sid:84565679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702573/; classtype:trojan-activity;sid:84565673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702574)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702574/; classtype:trojan-activity;sid:84565674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702575)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702575/; classtype:trojan-activity;sid:84565675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702576)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702576/; classtype:trojan-activity;sid:84565676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702577)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702577/; classtype:trojan-activity;sid:84565677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702566)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702566/; classtype:trojan-activity;sid:84565666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702567)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702567/; classtype:trojan-activity;sid:84565667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702568)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702568/; classtype:trojan-activity;sid:84565668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702569)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702569/; classtype:trojan-activity;sid:84565669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702570)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702570/; classtype:trojan-activity;sid:84565670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702571)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702571/; classtype:trojan-activity;sid:84565671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702572)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702572/; classtype:trojan-activity;sid:84565672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702563)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702563/; classtype:trojan-activity;sid:84565663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702564)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702564/; classtype:trojan-activity;sid:84565664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702565)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702565/; classtype:trojan-activity;sid:84565665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702562)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702562/; classtype:trojan-activity;sid:84565662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702561)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702561/; classtype:trojan-activity;sid:84565661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702559)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702559/; classtype:trojan-activity;sid:84565659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702560)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702560/; classtype:trojan-activity;sid:84565660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702553)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702553/; classtype:trojan-activity;sid:84565653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702554)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702554/; classtype:trojan-activity;sid:84565654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702555)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702555/; classtype:trojan-activity;sid:84565655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702556)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702556/; classtype:trojan-activity;sid:84565656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702557)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702557/; classtype:trojan-activity;sid:84565657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702558)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702558/; classtype:trojan-activity;sid:84565658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702548)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7799503374/oemrgz9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702548/; classtype:trojan-activity;sid:84565648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702549)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702549/; classtype:trojan-activity;sid:84565649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702550)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702550/; classtype:trojan-activity;sid:84565650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702551)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702551/; classtype:trojan-activity;sid:84565651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702552)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702552/; classtype:trojan-activity;sid:84565652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702547)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702547/; classtype:trojan-activity;sid:84565647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702544)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702544/; classtype:trojan-activity;sid:84565644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702545)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702545/; classtype:trojan-activity;sid:84565645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702546)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702546/; classtype:trojan-activity;sid:84565646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702543)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702543/; classtype:trojan-activity;sid:84565643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702539)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702539/; classtype:trojan-activity;sid:84565639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702540)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702540/; classtype:trojan-activity;sid:84565640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702541)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702541/; classtype:trojan-activity;sid:84565641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702542)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702542/; classtype:trojan-activity;sid:84565642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702537)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702537/; classtype:trojan-activity;sid:84565637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702538)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702538/; classtype:trojan-activity;sid:84565638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702535)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702535/; classtype:trojan-activity;sid:84565635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702536)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702536/; classtype:trojan-activity;sid:84565636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702534)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702534/; classtype:trojan-activity;sid:84565634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702531)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702531/; classtype:trojan-activity;sid:84565631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702532)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702532/; classtype:trojan-activity;sid:84565632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702533)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702533/; classtype:trojan-activity;sid:84565633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702527)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702527/; classtype:trojan-activity;sid:84565627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702528)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702528/; classtype:trojan-activity;sid:84565628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702529)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702529/; classtype:trojan-activity;sid:84565629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702530)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702530/; classtype:trojan-activity;sid:84565630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702523)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702523/; classtype:trojan-activity;sid:84565623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702524)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702524/; classtype:trojan-activity;sid:84565624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702525)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702525/; classtype:trojan-activity;sid:84565625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702526)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702526/; classtype:trojan-activity;sid:84565626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702521)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702521/; classtype:trojan-activity;sid:84565621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702522)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702522/; classtype:trojan-activity;sid:84565622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702520)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702520/; classtype:trojan-activity;sid:84565620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702516)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702516/; classtype:trojan-activity;sid:84565616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702517)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702517/; classtype:trojan-activity;sid:84565617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702518)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702518/; classtype:trojan-activity;sid:84565618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702519)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702519/; classtype:trojan-activity;sid:84565619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702512)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702512/; classtype:trojan-activity;sid:84565612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702513)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702513/; classtype:trojan-activity;sid:84565613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702514)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702514/; classtype:trojan-activity;sid:84565614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702515)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702515/; classtype:trojan-activity;sid:84565615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702506)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702506/; classtype:trojan-activity;sid:84565606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702507)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702507/; classtype:trojan-activity;sid:84565607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702508)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702508/; classtype:trojan-activity;sid:84565608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702509)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702509/; classtype:trojan-activity;sid:84565609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702510)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702510/; classtype:trojan-activity;sid:84565610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702511)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702511/; classtype:trojan-activity;sid:84565611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702505)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702505/; classtype:trojan-activity;sid:84565605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702500)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702500/; classtype:trojan-activity;sid:84565600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702501)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702501/; classtype:trojan-activity;sid:84565601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702502)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702502/; classtype:trojan-activity;sid:84565602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702503)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702503/; classtype:trojan-activity;sid:84565603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702504)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702504/; classtype:trojan-activity;sid:84565604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702498)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702498/; classtype:trojan-activity;sid:84565598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702499)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702499/; classtype:trojan-activity;sid:84565599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702493)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702493/; classtype:trojan-activity;sid:84565593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702494)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702494/; classtype:trojan-activity;sid:84565594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702495)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702495/; classtype:trojan-activity;sid:84565595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702496)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702496/; classtype:trojan-activity;sid:84565596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702497)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702497/; classtype:trojan-activity;sid:84565597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702491)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702491/; classtype:trojan-activity;sid:84565591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702492)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702492/; classtype:trojan-activity;sid:84565592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.218.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702490/; classtype:trojan-activity;sid:84565590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702489)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702489/; classtype:trojan-activity;sid:84565589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702487)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702487/; classtype:trojan-activity;sid:84565587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702488)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702488/; classtype:trojan-activity;sid:84565588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702484)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702484/; classtype:trojan-activity;sid:84565584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702485)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702485/; classtype:trojan-activity;sid:84565585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702486)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702486/; classtype:trojan-activity;sid:84565586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702481)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702481/; classtype:trojan-activity;sid:84565581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702482)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702482/; classtype:trojan-activity;sid:84565582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702483)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702483/; classtype:trojan-activity;sid:84565583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702479)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702479/; classtype:trojan-activity;sid:84565579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702480)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702480/; classtype:trojan-activity;sid:84565580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702476)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702476/; classtype:trojan-activity;sid:84565576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702477)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702477/; classtype:trojan-activity;sid:84565577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702478)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702478/; classtype:trojan-activity;sid:84565578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702475)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6589084083/mca4srr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702475/; classtype:trojan-activity;sid:84565575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702472)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702472/; classtype:trojan-activity;sid:84565572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702473)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702473/; classtype:trojan-activity;sid:84565573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702474)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702474/; classtype:trojan-activity;sid:84565574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702471)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702471/; classtype:trojan-activity;sid:84565571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702470)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702470/; classtype:trojan-activity;sid:84565570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702469)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702469/; classtype:trojan-activity;sid:84565569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702460)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702460/; classtype:trojan-activity;sid:84565560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702461)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702461/; classtype:trojan-activity;sid:84565561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702462)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702462/; classtype:trojan-activity;sid:84565562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702463)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702463/; classtype:trojan-activity;sid:84565563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702464)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702464/; classtype:trojan-activity;sid:84565564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702465)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702465/; classtype:trojan-activity;sid:84565565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702466)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702466/; classtype:trojan-activity;sid:84565566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702467)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702467/; classtype:trojan-activity;sid:84565567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702468)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702468/; classtype:trojan-activity;sid:84565568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702453)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702453/; classtype:trojan-activity;sid:84565553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702454)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702454/; classtype:trojan-activity;sid:84565554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702455)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702455/; classtype:trojan-activity;sid:84565555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702456)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702456/; classtype:trojan-activity;sid:84565556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702457)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702457/; classtype:trojan-activity;sid:84565557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702458)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702458/; classtype:trojan-activity;sid:84565558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702459)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702459/; classtype:trojan-activity;sid:84565559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702447)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702447/; classtype:trojan-activity;sid:84565547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702448)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702448/; classtype:trojan-activity;sid:84565548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702449)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702449/; classtype:trojan-activity;sid:84565549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702450)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702450/; classtype:trojan-activity;sid:84565550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702451)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702451/; classtype:trojan-activity;sid:84565551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702452)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702452/; classtype:trojan-activity;sid:84565552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702442)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702442/; classtype:trojan-activity;sid:84565542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702443)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702443/; classtype:trojan-activity;sid:84565543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702444)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702444/; classtype:trojan-activity;sid:84565544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702445)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702445/; classtype:trojan-activity;sid:84565545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702446)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702446/; classtype:trojan-activity;sid:84565546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702440)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702440/; classtype:trojan-activity;sid:84565540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702441)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702441/; classtype:trojan-activity;sid:84565541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702438)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702438/; classtype:trojan-activity;sid:84565538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702439)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702439/; classtype:trojan-activity;sid:84565539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702437)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702437/; classtype:trojan-activity;sid:84565537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702431)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702431/; classtype:trojan-activity;sid:84565531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702432)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702432/; classtype:trojan-activity;sid:84565532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702433)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702433/; classtype:trojan-activity;sid:84565533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702434)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702434/; classtype:trojan-activity;sid:84565534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702435)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702435/; classtype:trojan-activity;sid:84565535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702436)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702436/; classtype:trojan-activity;sid:84565536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702425)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702425/; classtype:trojan-activity;sid:84565525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702426)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702426/; classtype:trojan-activity;sid:84565526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702427)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702427/; classtype:trojan-activity;sid:84565527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702428)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702428/; classtype:trojan-activity;sid:84565528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702429)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702429/; classtype:trojan-activity;sid:84565529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702430)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702430/; classtype:trojan-activity;sid:84565530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702423)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702423/; classtype:trojan-activity;sid:84565523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702424)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702424/; classtype:trojan-activity;sid:84565524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702412)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702412/; classtype:trojan-activity;sid:84565512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702413)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702413/; classtype:trojan-activity;sid:84565513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702414)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702414/; classtype:trojan-activity;sid:84565514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702415/; classtype:trojan-activity;sid:84565515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702416)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702416/; classtype:trojan-activity;sid:84565516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702417)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702417/; classtype:trojan-activity;sid:84565517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702418)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702418/; classtype:trojan-activity;sid:84565518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702419)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702419/; classtype:trojan-activity;sid:84565519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702420)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702420/; classtype:trojan-activity;sid:84565520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702421)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702421/; classtype:trojan-activity;sid:84565521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702422)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702422/; classtype:trojan-activity;sid:84565522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702411)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702411/; classtype:trojan-activity;sid:84565511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702405)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702405/; classtype:trojan-activity;sid:84565505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702406)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702406/; classtype:trojan-activity;sid:84565506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702407)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702407/; classtype:trojan-activity;sid:84565507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702408)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702408/; classtype:trojan-activity;sid:84565508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702409)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702409/; classtype:trojan-activity;sid:84565509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702410)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702410/; classtype:trojan-activity;sid:84565510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702404)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702404/; classtype:trojan-activity;sid:84565504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702403)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702403/; classtype:trojan-activity;sid:84565503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702402)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702402/; classtype:trojan-activity;sid:84565502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.232.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702400/; classtype:trojan-activity;sid:84565500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.56.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702401/; classtype:trojan-activity;sid:84565501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.83.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702399/; classtype:trojan-activity;sid:84565499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702398)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702398/; classtype:trojan-activity;sid:84565498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702396)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702396/; classtype:trojan-activity;sid:84565496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702397)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702397/; classtype:trojan-activity;sid:84565497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702395)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702395/; classtype:trojan-activity;sid:84565495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702394)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702394/; classtype:trojan-activity;sid:84565494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702393)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702393/; classtype:trojan-activity;sid:84565493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702392)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702392/; classtype:trojan-activity;sid:84565492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702391)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702391/; classtype:trojan-activity;sid:84565491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702388)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702388/; classtype:trojan-activity;sid:84565488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702389)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702389/; classtype:trojan-activity;sid:84565489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702390)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702390/; classtype:trojan-activity;sid:84565490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702387)"; flow:established,from_client; content:"GET"; http_method; content:"/peculiar_advertisement.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.208.156.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702387/; classtype:trojan-activity;sid:84565487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702386/; classtype:trojan-activity;sid:84565486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.83.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702385/; classtype:trojan-activity;sid:84565485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702384/; classtype:trojan-activity;sid:84565484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702383/; classtype:trojan-activity;sid:84565483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702382/; classtype:trojan-activity;sid:84565482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702377/; classtype:trojan-activity;sid:84565477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702378/; classtype:trojan-activity;sid:84565478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702379/; classtype:trojan-activity;sid:84565479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702380/; classtype:trojan-activity;sid:84565480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702381/; classtype:trojan-activity;sid:84565481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702374/; classtype:trojan-activity;sid:84565474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702375/; classtype:trojan-activity;sid:84565475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702376/; classtype:trojan-activity;sid:84565476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702371/; classtype:trojan-activity;sid:84565471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702372/; classtype:trojan-activity;sid:84565472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702373/; classtype:trojan-activity;sid:84565473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.19.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702370/; classtype:trojan-activity;sid:84565470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702369/; classtype:trojan-activity;sid:84565469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702368)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702368/; classtype:trojan-activity;sid:84565468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702367)"; flow:established,from_client; content:"GET"; http_method; content:"/pl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702367/; classtype:trojan-activity;sid:84565467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702366)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702366/; classtype:trojan-activity;sid:84565466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702363)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702363/; classtype:trojan-activity;sid:84565463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702364)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702364/; classtype:trojan-activity;sid:84565464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702365)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702365/; classtype:trojan-activity;sid:84565465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702361)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702361/; classtype:trojan-activity;sid:84565461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702362)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702362/; classtype:trojan-activity;sid:84565462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702357)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702357/; classtype:trojan-activity;sid:84565457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702358)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702358/; classtype:trojan-activity;sid:84565458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702359)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702359/; classtype:trojan-activity;sid:84565459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702360)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702360/; classtype:trojan-activity;sid:84565460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702356)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702356/; classtype:trojan-activity;sid:84565456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702355)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702355/; classtype:trojan-activity;sid:84565455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702347)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702347/; classtype:trojan-activity;sid:84565447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702348)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702348/; classtype:trojan-activity;sid:84565448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702349)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702349/; classtype:trojan-activity;sid:84565449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702350)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702350/; classtype:trojan-activity;sid:84565450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702351)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702351/; classtype:trojan-activity;sid:84565451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702352)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702352/; classtype:trojan-activity;sid:84565452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702353)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702353/; classtype:trojan-activity;sid:84565453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702354)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702354/; classtype:trojan-activity;sid:84565454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702346)"; flow:established,from_client; content:"GET"; http_method; content:"/pl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702346/; classtype:trojan-activity;sid:84565446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.66.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702345/; classtype:trojan-activity;sid:84565445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.232.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702344/; classtype:trojan-activity;sid:84565444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702343)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702343/; classtype:trojan-activity;sid:84565443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702342)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702342/; classtype:trojan-activity;sid:84565442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702341)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702341/; classtype:trojan-activity;sid:84565441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702340)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702340/; classtype:trojan-activity;sid:84565440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702339)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702339/; classtype:trojan-activity;sid:84565439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.19.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702338/; classtype:trojan-activity;sid:84565438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.103.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702336/; classtype:trojan-activity;sid:84565436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.200.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702337/; classtype:trojan-activity;sid:84565437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702335)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702335/; classtype:trojan-activity;sid:84565435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702334)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702334/; classtype:trojan-activity;sid:84565434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702333)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702333/; classtype:trojan-activity;sid:84565433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702330)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/y3nkmht.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702330/; classtype:trojan-activity;sid:84565430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702331)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702331/; classtype:trojan-activity;sid:84565431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702332)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7105790467/lvm9f63.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702332/; classtype:trojan-activity;sid:84565432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702326)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702326/; classtype:trojan-activity;sid:84565426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702327)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702327/; classtype:trojan-activity;sid:84565427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702328)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702328/; classtype:trojan-activity;sid:84565428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702329)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702329/; classtype:trojan-activity;sid:84565429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702320)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702320/; classtype:trojan-activity;sid:84565420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702321)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702321/; classtype:trojan-activity;sid:84565421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702322)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702322/; classtype:trojan-activity;sid:84565422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.59.61.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702323/; classtype:trojan-activity;sid:84565423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702324)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702324/; classtype:trojan-activity;sid:84565424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702325)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702325/; classtype:trojan-activity;sid:84565425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.160.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702310/; classtype:trojan-activity;sid:84565410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702311)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702311/; classtype:trojan-activity;sid:84565411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702312)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702312/; classtype:trojan-activity;sid:84565412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702313/; classtype:trojan-activity;sid:84565413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702314)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702314/; classtype:trojan-activity;sid:84565414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702315)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702315/; classtype:trojan-activity;sid:84565415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702316)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702316/; classtype:trojan-activity;sid:84565416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702317)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702317/; classtype:trojan-activity;sid:84565417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702318)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702318/; classtype:trojan-activity;sid:84565418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702319)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702319/; classtype:trojan-activity;sid:84565419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702308)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm6"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702308/; classtype:trojan-activity;sid:84565408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702309)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.9.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702309/; classtype:trojan-activity;sid:84565409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702306)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702306/; classtype:trojan-activity;sid:84565406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702307)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702307/; classtype:trojan-activity;sid:84565407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702302)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702302/; classtype:trojan-activity;sid:84565402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702303)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702303/; classtype:trojan-activity;sid:84565403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702304)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702304/; classtype:trojan-activity;sid:84565404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702305)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702305/; classtype:trojan-activity;sid:84565405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702300)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702300/; classtype:trojan-activity;sid:84565400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702301)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/zluqke7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702301/; classtype:trojan-activity;sid:84565401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702299)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702299/; classtype:trojan-activity;sid:84565399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702297)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702297/; classtype:trojan-activity;sid:84565397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702298)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702298/; classtype:trojan-activity;sid:84565398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702291)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.i686"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702291/; classtype:trojan-activity;sid:84565391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702292)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.spc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702292/; classtype:trojan-activity;sid:84565392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702293)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702293/; classtype:trojan-activity;sid:84565393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702294)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.x86_64"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702294/; classtype:trojan-activity;sid:84565394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702295)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm7"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702295/; classtype:trojan-activity;sid:84565395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702296)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.sh4"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702296/; classtype:trojan-activity;sid:84565396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702288)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm5"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702288/; classtype:trojan-activity;sid:84565388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702289)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702289/; classtype:trojan-activity;sid:84565389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702290)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.x86"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702290/; classtype:trojan-activity;sid:84565390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702287)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.m68k"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702287/; classtype:trojan-activity;sid:84565387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702286)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702286/; classtype:trojan-activity;sid:84565386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702283)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702283/; classtype:trojan-activity;sid:84565383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702284)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702284/; classtype:trojan-activity;sid:84565384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702285)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702285/; classtype:trojan-activity;sid:84565385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702279)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702279/; classtype:trojan-activity;sid:84565379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702280)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702280/; classtype:trojan-activity;sid:84565380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702281)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702281/; classtype:trojan-activity;sid:84565381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702282)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702282/; classtype:trojan-activity;sid:84565382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702276)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702276/; classtype:trojan-activity;sid:84565376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702277)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702277/; classtype:trojan-activity;sid:84565377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702278)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702278/; classtype:trojan-activity;sid:84565378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702275)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702275/; classtype:trojan-activity;sid:84565375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.59.61.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702274/; classtype:trojan-activity;sid:84565374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702266)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702266/; classtype:trojan-activity;sid:84565366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702267)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702267/; classtype:trojan-activity;sid:84565367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702268)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702268/; classtype:trojan-activity;sid:84565368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702269)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702269/; classtype:trojan-activity;sid:84565369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702270)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702270/; classtype:trojan-activity;sid:84565370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702271)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702271/; classtype:trojan-activity;sid:84565371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702272)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702272/; classtype:trojan-activity;sid:84565372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702273)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702273/; classtype:trojan-activity;sid:84565373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702264)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702264/; classtype:trojan-activity;sid:84565364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702265)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702265/; classtype:trojan-activity;sid:84565365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.30.76.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702263/; classtype:trojan-activity;sid:84565363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.160.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702262/; classtype:trojan-activity;sid:84565362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702259)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702259/; classtype:trojan-activity;sid:84565359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702260)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702260/; classtype:trojan-activity;sid:84565360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702261)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702261/; classtype:trojan-activity;sid:84565361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702258/; classtype:trojan-activity;sid:84565358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702252/; classtype:trojan-activity;sid:84565352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702253/; classtype:trojan-activity;sid:84565353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702254/; classtype:trojan-activity;sid:84565354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702255/; classtype:trojan-activity;sid:84565355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702256/; classtype:trojan-activity;sid:84565356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702257/; classtype:trojan-activity;sid:84565357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702251/; classtype:trojan-activity;sid:84565351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702239/; classtype:trojan-activity;sid:84565339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702240/; classtype:trojan-activity;sid:84565340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702241/; classtype:trojan-activity;sid:84565341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702242/; classtype:trojan-activity;sid:84565342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702243/; classtype:trojan-activity;sid:84565343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.241.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702244/; classtype:trojan-activity;sid:84565344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702245/; classtype:trojan-activity;sid:84565345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702246/; classtype:trojan-activity;sid:84565346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702247/; classtype:trojan-activity;sid:84565347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702248/; classtype:trojan-activity;sid:84565348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702249/; classtype:trojan-activity;sid:84565349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702250/; classtype:trojan-activity;sid:84565350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702236/; classtype:trojan-activity;sid:84565336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702237/; classtype:trojan-activity;sid:84565337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702238/; classtype:trojan-activity;sid:84565338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702235)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/gerbangslot777.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"heimao911.store"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702235/; classtype:trojan-activity;sid:84565335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702234)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702234/; classtype:trojan-activity;sid:84565334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702231)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702231/; classtype:trojan-activity;sid:84565331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702232)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702232/; classtype:trojan-activity;sid:84565332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702233)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702233/; classtype:trojan-activity;sid:84565333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702230)"; flow:established,from_client; content:"GET"; http_method; content:"/zvit.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702230/; classtype:trojan-activity;sid:84565330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702229)"; flow:established,from_client; content:"GET"; http_method; content:"/download_prize/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yandex-prize.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702229/; classtype:trojan-activity;sid:84565329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702228)"; flow:established,from_client; content:"GET"; http_method; content:"/2024/09/medibang-paint-mod-apk-premium-unlocked-v27.19.apk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"dl7.apkhome.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702228/; classtype:trojan-activity;sid:84565328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.255.209.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702223/; classtype:trojan-activity;sid:84565323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.255.209.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702224/; classtype:trojan-activity;sid:84565324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702225)"; flow:established,from_client; content:"GET"; http_method; content:"/e-sports%20king.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"esportsking.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702225/; classtype:trojan-activity;sid:84565325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702226)"; flow:established,from_client; content:"GET"; http_method; content:"/api/microsoft/update/be53ff4f4b5daa.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702226/; classtype:trojan-activity;sid:84565326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702227)"; flow:established,from_client; content:"GET"; http_method; content:"/api/microsoft/update/updater.ps1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702227/; classtype:trojan-activity;sid:84565327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702221)"; flow:established,from_client; content:"GET"; http_method; content:"/xp.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"segurancadigitalxp.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702221/; classtype:trojan-activity;sid:84565321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702222)"; flow:established,from_client; content:"GET"; http_method; content:"/static/file/kankan_kk360setup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"mtxxiusnhgbdgdv.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702222/; classtype:trojan-activity;sid:84565322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702220)"; flow:established,from_client; content:"GET"; http_method; content:"/files/acrobat_reader_v112.msi"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"adobe.apsalgida.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702220/; classtype:trojan-activity;sid:84565320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702216)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/gerbangslot777.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"rtpvip.live"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702216/; classtype:trojan-activity;sid:84565316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702217)"; flow:established,from_client; content:"GET"; http_method; content:"/api/microsoft/update/svshosts.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702217/; classtype:trojan-activity;sid:84565317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702218)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7255807194/bur1ybm.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702218/; classtype:trojan-activity;sid:84565318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702219)"; flow:established,from_client; content:"GET"; http_method; content:"/metatrade5.rar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"grandmarketsfx.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702219/; classtype:trojan-activity;sid:84565319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702215)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/vndtqr7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702215/; classtype:trojan-activity;sid:84565315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702214)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702214/; classtype:trojan-activity;sid:84565314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702212)"; flow:established,from_client; content:"GET"; http_method; content:"/exng8.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ifgirng49gn39gm.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702212/; classtype:trojan-activity;sid:84565312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702213)"; flow:established,from_client; content:"GET"; http_method; content:"/9ajmvfmb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lumen.sh4d0wmere.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702213/; classtype:trojan-activity;sid:84565313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702211)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.160.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702211/; classtype:trojan-activity;sid:84565311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702210)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.160.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702210/; classtype:trojan-activity;sid:84565310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702208)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702208/; classtype:trojan-activity;sid:84565308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702209)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702209/; classtype:trojan-activity;sid:84565309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702207)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.145.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702207/; classtype:trojan-activity;sid:84565307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702206)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.104.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702206/; classtype:trojan-activity;sid:84565306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702205)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.229.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702205/; classtype:trojan-activity;sid:84565305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702204)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702204/; classtype:trojan-activity;sid:84565304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702203)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.64.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702203/; classtype:trojan-activity;sid:84565303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702202)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702202/; classtype:trojan-activity;sid:84565302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702201)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702201/; classtype:trojan-activity;sid:84565301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702200)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.145.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702200/; classtype:trojan-activity;sid:84565300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702199)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702199/; classtype:trojan-activity;sid:84565299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702198)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702198/; classtype:trojan-activity;sid:84565298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702197)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.104.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702197/; classtype:trojan-activity;sid:84565297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702196)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.203.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702196/; classtype:trojan-activity;sid:84565296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702195)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.203.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702195/; classtype:trojan-activity;sid:84565295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702194)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702194/; classtype:trojan-activity;sid:84565294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702193)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.234.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702193/; classtype:trojan-activity;sid:84565293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702192)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702192/; classtype:trojan-activity;sid:84565292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702191/; classtype:trojan-activity;sid:84565291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702189)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702189/; classtype:trojan-activity;sid:84565289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702190)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702190/; classtype:trojan-activity;sid:84565290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702186)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702186/; classtype:trojan-activity;sid:84565286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702187)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702187/; classtype:trojan-activity;sid:84565287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702188)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702188/; classtype:trojan-activity;sid:84565288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702185)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702185/; classtype:trojan-activity;sid:84565285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702184)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702184/; classtype:trojan-activity;sid:84565284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702183)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702183/; classtype:trojan-activity;sid:84565283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702182)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702182/; classtype:trojan-activity;sid:84565282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702181)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702181/; classtype:trojan-activity;sid:84565281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702180)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702180/; classtype:trojan-activity;sid:84565280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702178)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702178/; classtype:trojan-activity;sid:84565278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702179)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702179/; classtype:trojan-activity;sid:84565279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702177)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702177/; classtype:trojan-activity;sid:84565277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702176)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702176/; classtype:trojan-activity;sid:84565276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702172)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702172/; classtype:trojan-activity;sid:84565272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702173)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/09/03/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702173/; classtype:trojan-activity;sid:84565273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702174)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/12/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702174/; classtype:trojan-activity;sid:84565274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/01/24/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702175/; classtype:trojan-activity;sid:84565275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702168)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702168/; classtype:trojan-activity;sid:84565268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702169)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702169/; classtype:trojan-activity;sid:84565269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702170)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702170/; classtype:trojan-activity;sid:84565270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702171)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702171/; classtype:trojan-activity;sid:84565271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702165)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702165/; classtype:trojan-activity;sid:84565265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702166)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702166/; classtype:trojan-activity;sid:84565266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702167)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702167/; classtype:trojan-activity;sid:84565267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702163)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/10/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702163/; classtype:trojan-activity;sid:84565263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702164)"; flow:established,from_client; content:"GET"; http_method; content:"/2019-10-29/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702164/; classtype:trojan-activity;sid:84565264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702160)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702160/; classtype:trojan-activity;sid:84565260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702161)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702161/; classtype:trojan-activity;sid:84565261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702162)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702162/; classtype:trojan-activity;sid:84565262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702159)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702159/; classtype:trojan-activity;sid:84565259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702154)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/12/30/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702154/; classtype:trojan-activity;sid:84565254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702155)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/11/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702155/; classtype:trojan-activity;sid:84565255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702156)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702156/; classtype:trojan-activity;sid:84565256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702157)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702157/; classtype:trojan-activity;sid:84565257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702158)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702158/; classtype:trojan-activity;sid:84565258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702153)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702153/; classtype:trojan-activity;sid:84565253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702151)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702151/; classtype:trojan-activity;sid:84565251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702152)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702152/; classtype:trojan-activity;sid:84565252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702150)"; flow:established,from_client; content:"GET"; http_method; content:"/d/opi1g30i/exec.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.atteppzkf.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702150/; classtype:trojan-activity;sid:84565250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702148)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702148/; classtype:trojan-activity;sid:84565248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702149/; classtype:trojan-activity;sid:84565249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702147)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702147/; classtype:trojan-activity;sid:84565247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702144)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702144/; classtype:trojan-activity;sid:84565244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702145)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702145/; classtype:trojan-activity;sid:84565245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702146)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"126.209.37.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702146/; classtype:trojan-activity;sid:84565246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702140)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702140/; classtype:trojan-activity;sid:84565240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702141)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702141/; classtype:trojan-activity;sid:84565241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702142)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702142/; classtype:trojan-activity;sid:84565242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702143)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702143/; classtype:trojan-activity;sid:84565243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702139)"; flow:established,from_client; content:"GET"; http_method; content:"/2019-10-12/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702139/; classtype:trojan-activity;sid:84565239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702134)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702134/; classtype:trojan-activity;sid:84565234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702135)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702135/; classtype:trojan-activity;sid:84565235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702136)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702136/; classtype:trojan-activity;sid:84565236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702137)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702137/; classtype:trojan-activity;sid:84565237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702138)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702138/; classtype:trojan-activity;sid:84565238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702130)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702130/; classtype:trojan-activity;sid:84565230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702131)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702131/; classtype:trojan-activity;sid:84565231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702132)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702132/; classtype:trojan-activity;sid:84565232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702133/; classtype:trojan-activity;sid:84565233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702129)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702129/; classtype:trojan-activity;sid:84565229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702127)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702127/; classtype:trojan-activity;sid:84565227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702128)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702128/; classtype:trojan-activity;sid:84565228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702122)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702122/; classtype:trojan-activity;sid:84565222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702123)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702123/; classtype:trojan-activity;sid:84565223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702124)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/01/28/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702124/; classtype:trojan-activity;sid:84565224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702125)"; flow:established,from_client; content:"GET"; http_method; content:"/2023/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702125/; classtype:trojan-activity;sid:84565225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702126)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/09/02/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702126/; classtype:trojan-activity;sid:84565226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702120)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702120/; classtype:trojan-activity;sid:84565220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702121)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702121/; classtype:trojan-activity;sid:84565221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702118)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702118/; classtype:trojan-activity;sid:84565218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702119)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702119/; classtype:trojan-activity;sid:84565219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702117)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.186.236.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702117/; classtype:trojan-activity;sid:84565217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702114)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702114/; classtype:trojan-activity;sid:84565214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702115)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702115/; classtype:trojan-activity;sid:84565215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702116)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.240.184.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702116/; classtype:trojan-activity;sid:84565216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702104)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702104/; classtype:trojan-activity;sid:84565204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702105)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702105/; classtype:trojan-activity;sid:84565205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702106)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702106/; classtype:trojan-activity;sid:84565206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702107)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702107/; classtype:trojan-activity;sid:84565207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702108)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702108/; classtype:trojan-activity;sid:84565208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702109)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/03/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702109/; classtype:trojan-activity;sid:84565209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702110)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/08/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702110/; classtype:trojan-activity;sid:84565210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702111)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/01/08/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702111/; classtype:trojan-activity;sid:84565211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702112)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/09/23/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702112/; classtype:trojan-activity;sid:84565212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702113)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/01/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702113/; classtype:trojan-activity;sid:84565213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702102)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702102/; classtype:trojan-activity;sid:84565202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702103)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702103/; classtype:trojan-activity;sid:84565203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.252.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702101/; classtype:trojan-activity;sid:84565201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702100/; classtype:trojan-activity;sid:84565200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.236.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702099/; classtype:trojan-activity;sid:84565199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.199.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702098/; classtype:trojan-activity;sid:84565198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702096/; classtype:trojan-activity;sid:84565196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.36.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702097/; classtype:trojan-activity;sid:84565197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702095)"; flow:established,from_client; content:"GET"; http_method; content:"/ib3gkdbv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lumen.sh4d0wmere.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702095/; classtype:trojan-activity;sid:84565195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.219.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702094/; classtype:trojan-activity;sid:84565194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702093/; classtype:trojan-activity;sid:84565193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.32.4.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702092/; classtype:trojan-activity;sid:84565192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.202.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702089/; classtype:trojan-activity;sid:84565189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.236.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702090/; classtype:trojan-activity;sid:84565190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.203.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702091/; classtype:trojan-activity;sid:84565191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.252.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702088/; classtype:trojan-activity;sid:84565188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.228.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702084/; classtype:trojan-activity;sid:84565184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.155.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702085/; classtype:trojan-activity;sid:84565185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.12.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702086/; classtype:trojan-activity;sid:84565186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.117.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702087/; classtype:trojan-activity;sid:84565187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.109.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702078/; classtype:trojan-activity;sid:84565178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702079/; classtype:trojan-activity;sid:84565179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.55.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702080/; classtype:trojan-activity;sid:84565180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.168.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702081/; classtype:trojan-activity;sid:84565181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.50.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702082/; classtype:trojan-activity;sid:84565182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.53.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702083/; classtype:trojan-activity;sid:84565183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.160.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702077/; classtype:trojan-activity;sid:84565177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702076/; classtype:trojan-activity;sid:84565176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702075)"; flow:established,from_client; content:"GET"; http_method; content:"/v3oakt95"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pike.ci2udforge.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702075/; classtype:trojan-activity;sid:84565175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.199.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702074/; classtype:trojan-activity;sid:84565174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.29.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702073/; classtype:trojan-activity;sid:84565173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.219.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702072/; classtype:trojan-activity;sid:84565172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702071/; classtype:trojan-activity;sid:84565171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.64.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702070/; classtype:trojan-activity;sid:84565170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.35.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702069/; classtype:trojan-activity;sid:84565169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702068)"; flow:established,from_client; content:"GET"; http_method; content:"/avhrehn8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.ci2udforge.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702068/; classtype:trojan-activity;sid:84565168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.53.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702067/; classtype:trojan-activity;sid:84565167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.152.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702066/; classtype:trojan-activity;sid:84565166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.119.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702065/; classtype:trojan-activity;sid:84565165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702064)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/ebqrofo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702064/; classtype:trojan-activity;sid:84565164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.35.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702063/; classtype:trojan-activity;sid:84565163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.100.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702062/; classtype:trojan-activity;sid:84565162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.194.28.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702061/; classtype:trojan-activity;sid:84565161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702060/; classtype:trojan-activity;sid:84565160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.73.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702059/; classtype:trojan-activity;sid:84565159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.108.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702057/; classtype:trojan-activity;sid:84565157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.197.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702058/; classtype:trojan-activity;sid:84565158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702056)"; flow:established,from_client; content:"GET"; http_method; content:"/17a45hu9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"haze.m1stwander.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702056/; classtype:trojan-activity;sid:84565156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702055/; classtype:trojan-activity;sid:84565155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.53.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702054/; classtype:trojan-activity;sid:84565154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.38.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702053/; classtype:trojan-activity;sid:84565153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.119.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702052/; classtype:trojan-activity;sid:84565152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702051)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.227.244.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702051/; classtype:trojan-activity;sid:84565151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702050/; classtype:trojan-activity;sid:84565150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702049/; classtype:trojan-activity;sid:84565149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.100.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702048/; classtype:trojan-activity;sid:84565148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.197.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702047/; classtype:trojan-activity;sid:84565147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702046)"; flow:established,from_client; content:"GET"; http_method; content:"/pjo6pao2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t0.emberglade.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702046/; classtype:trojan-activity;sid:84565146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.108.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702045/; classtype:trojan-activity;sid:84565145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.35.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702044/; classtype:trojan-activity;sid:84565144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.82.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702043/; classtype:trojan-activity;sid:84565143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702042/; classtype:trojan-activity;sid:84565142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.38.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702041/; classtype:trojan-activity;sid:84565141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.57.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702040/; classtype:trojan-activity;sid:84565140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702039)"; flow:established,from_client; content:"GET"; http_method; content:"/glzxf123"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"silver.emberglade.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702039/; classtype:trojan-activity;sid:84565139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.53.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702038/; classtype:trojan-activity;sid:84565138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702037/; classtype:trojan-activity;sid:84565137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.152.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702036/; classtype:trojan-activity;sid:84565136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.239.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702035/; classtype:trojan-activity;sid:84565135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702034)"; flow:established,from_client; content:"GET"; http_method; content:"/qdx3qog9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7e8g.brambleforge.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702034/; classtype:trojan-activity;sid:84565134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.53.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702033/; classtype:trojan-activity;sid:84565133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702032)"; flow:established,from_client; content:"GET"; http_method; content:"/xpdnu78k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nb.brambleforge.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702032/; classtype:trojan-activity;sid:84565132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702031)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/hzzkmbu.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702031/; classtype:trojan-activity;sid:84565131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.51.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702030/; classtype:trojan-activity;sid:84565130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702029/; classtype:trojan-activity;sid:84565129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702028)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6555237020/4rfwlkd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702028/; classtype:trojan-activity;sid:84565128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702027)"; flow:established,from_client; content:"GET"; http_method; content:"/9qjhhmpv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5a0.ember-cross.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702027/; classtype:trojan-activity;sid:84565127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.19.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702026/; classtype:trojan-activity;sid:84565126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702025)"; flow:established,from_client; content:"GET"; http_method; content:"/fyjq0bfq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"25ow.ember-cross.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702025/; classtype:trojan-activity;sid:84565125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702024)"; flow:established,from_client; content:"GET"; http_method; content:"/hh4ecchd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufel.ember-cross.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702024/; classtype:trojan-activity;sid:84565124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.158.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702023/; classtype:trojan-activity;sid:84565123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702022)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/08/win64.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.bdbarrandov.cz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702022/; classtype:trojan-activity;sid:84565122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702021/; classtype:trojan-activity;sid:84565121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702020/; classtype:trojan-activity;sid:84565120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.210.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702019/; classtype:trojan-activity;sid:84565119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702018/; classtype:trojan-activity;sid:84565118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702017)"; flow:established,from_client; content:"GET"; http_method; content:"/c9le1lud"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ptk.0-pal-summit.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702017/; classtype:trojan-activity;sid:84565117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.158.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702016/; classtype:trojan-activity;sid:84565116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702015)"; flow:established,from_client; content:"GET"; http_method; content:"/so44m3tc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ch.0-pal-summit.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702015/; classtype:trojan-activity;sid:84565115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.147.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702014/; classtype:trojan-activity;sid:84565114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.210.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702013/; classtype:trojan-activity;sid:84565113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702012/; classtype:trojan-activity;sid:84565112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702011)"; flow:established,from_client; content:"GET"; http_method; content:"/hmsgl56f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"drift.frost-wilder.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702011/; classtype:trojan-activity;sid:84565111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702010)"; flow:established,from_client; content:"GET"; http_method; content:"/6x8xaas6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"br.frost-wilder.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702010/; classtype:trojan-activity;sid:84565110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.8.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702009/; classtype:trojan-activity;sid:84565109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.46.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702008/; classtype:trojan-activity;sid:84565108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.147.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702007/; classtype:trojan-activity;sid:84565107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.172.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702006/; classtype:trojan-activity;sid:84565106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702005/; classtype:trojan-activity;sid:84565105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.220.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702004/; classtype:trojan-activity;sid:84565104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.63.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702003/; classtype:trojan-activity;sid:84565103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702002)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted_client.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.115.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702002/; classtype:trojan-activity;sid:84565102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702001/; classtype:trojan-activity;sid:84565101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702000/; classtype:trojan-activity;sid:84565100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.20.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701999/; classtype:trojan-activity;sid:84565099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.8.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701998/; classtype:trojan-activity;sid:84565098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701997/; classtype:trojan-activity;sid:84565097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701996)"; flow:established,from_client; content:"GET"; http_method; content:"/rivkkpdl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"marsh.embercross.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701996/; classtype:trojan-activity;sid:84565096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.203.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701995/; classtype:trojan-activity;sid:84565095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701994/; classtype:trojan-activity;sid:84565094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701993/; classtype:trojan-activity;sid:84565093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701992/; classtype:trojan-activity;sid:84565092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.63.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701991/; classtype:trojan-activity;sid:84565091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.64.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701989/; classtype:trojan-activity;sid:84565089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.211.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701990/; classtype:trojan-activity;sid:84565090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701988/; classtype:trojan-activity;sid:84565088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701987/; classtype:trojan-activity;sid:84565087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.182.225.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701986/; classtype:trojan-activity;sid:84565086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.112.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701985/; classtype:trojan-activity;sid:84565085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701984)"; flow:established,from_client; content:"GET"; http_method; content:"/jwd64cxr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"flare.frost-wilder.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701984/; classtype:trojan-activity;sid:84565084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.182.225.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701983/; classtype:trojan-activity;sid:84565083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.246.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701982/; classtype:trojan-activity;sid:84565082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701981)"; flow:established,from_client; content:"GET"; http_method; content:"/fqhi7dtg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4shn.t1decrystai.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701981/; classtype:trojan-activity;sid:84565081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701980/; classtype:trojan-activity;sid:84565080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.207.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701979/; classtype:trojan-activity;sid:84565079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.182.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701978/; classtype:trojan-activity;sid:84565078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.29.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701977/; classtype:trojan-activity;sid:84565077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701974/; classtype:trojan-activity;sid:84565074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.3.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701975/; classtype:trojan-activity;sid:84565075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.245.38.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701976/; classtype:trojan-activity;sid:84565076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.197.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701973/; classtype:trojan-activity;sid:84565073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.155.2.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701972/; classtype:trojan-activity;sid:84565072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701970)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.146.23.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701970/; classtype:trojan-activity;sid:84565070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.140.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701971/; classtype:trojan-activity;sid:84565071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.11.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701968/; classtype:trojan-activity;sid:84565068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.155.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701969/; classtype:trojan-activity;sid:84565069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.38.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701965/; classtype:trojan-activity;sid:84565065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.57.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701966/; classtype:trojan-activity;sid:84565066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.253.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701967/; classtype:trojan-activity;sid:84565067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.33.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701964/; classtype:trojan-activity;sid:84565064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701963)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701963/; classtype:trojan-activity;sid:84565063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701962/; classtype:trojan-activity;sid:84565062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.182.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701960/; classtype:trojan-activity;sid:84565060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701961/; classtype:trojan-activity;sid:84565061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701959)"; flow:established,from_client; content:"GET"; http_method; content:"/8a2p81l3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vale.cioudharbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701959/; classtype:trojan-activity;sid:84565059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701958)"; flow:established,from_client; content:"GET"; http_method; content:"/w2p3wczy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pine.cioudharbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701958/; classtype:trojan-activity;sid:84565058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.84.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701957/; classtype:trojan-activity;sid:84565057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701956/; classtype:trojan-activity;sid:84565056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701955)"; flow:established,from_client; content:"GET"; http_method; content:"/ccexu66a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ib.stormglade.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701955/; classtype:trojan-activity;sid:84565055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.192.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701954/; classtype:trojan-activity;sid:84565054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.148.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701953/; classtype:trojan-activity;sid:84565053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701952)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701952/; classtype:trojan-activity;sid:84565052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701951)"; flow:established,from_client; content:"GET"; http_method; content:"/p6wvg5y1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tiq.stormglade.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701951/; classtype:trojan-activity;sid:84565051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701950)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701950/; classtype:trojan-activity;sid:84565050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701947)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701947/; classtype:trojan-activity;sid:84565047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701948)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701948/; classtype:trojan-activity;sid:84565048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701949)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701949/; classtype:trojan-activity;sid:84565049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701946)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701946/; classtype:trojan-activity;sid:84565046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701939/; classtype:trojan-activity;sid:84565039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.172.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701940/; classtype:trojan-activity;sid:84565040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.40.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701941/; classtype:trojan-activity;sid:84565041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.143.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701942/; classtype:trojan-activity;sid:84565042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701943)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701943/; classtype:trojan-activity;sid:84565043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.183.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701944/; classtype:trojan-activity;sid:84565044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.84.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701945/; classtype:trojan-activity;sid:84565045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701938)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.5.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701938/; classtype:trojan-activity;sid:84565038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701937)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.5.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701937/; classtype:trojan-activity;sid:84565037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701936)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.121.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701936/; classtype:trojan-activity;sid:84565036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701935)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.240.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701935/; classtype:trojan-activity;sid:84565035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701934)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701934/; classtype:trojan-activity;sid:84565034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701933)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.115.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701933/; classtype:trojan-activity;sid:84565033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701932)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.115.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701932/; classtype:trojan-activity;sid:84565032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701931)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.198.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701931/; classtype:trojan-activity;sid:84565031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701930)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.198.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701930/; classtype:trojan-activity;sid:84565030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701929)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.198.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701929/; classtype:trojan-activity;sid:84565029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701928)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701928/; classtype:trojan-activity;sid:84565028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701926)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701926/; classtype:trojan-activity;sid:84565026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701927)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.95.50.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701927/; classtype:trojan-activity;sid:84565027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701925)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701925/; classtype:trojan-activity;sid:84565025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701924)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701924/; classtype:trojan-activity;sid:84565024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701923/; classtype:trojan-activity;sid:84565023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701922)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/6904a6e81f0c5_crypted.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.56.135.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701922/; classtype:trojan-activity;sid:84565022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701920)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701920/; classtype:trojan-activity;sid:84565020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701921)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.84.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701921/; classtype:trojan-activity;sid:84565021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701918/; classtype:trojan-activity;sid:84565018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701919)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701919/; classtype:trojan-activity;sid:84565019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701917)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.139.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701917/; classtype:trojan-activity;sid:84565017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701916)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.84.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701916/; classtype:trojan-activity;sid:84565016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701911)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701911/; classtype:trojan-activity;sid:84565011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701912)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701912/; classtype:trojan-activity;sid:84565012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701913)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.139.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701913/; classtype:trojan-activity;sid:84565013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701914)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701914/; classtype:trojan-activity;sid:84565014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701915)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701915/; classtype:trojan-activity;sid:84565015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701908/; classtype:trojan-activity;sid:84565008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701909)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.114.65.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701909/; classtype:trojan-activity;sid:84565009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701910/; classtype:trojan-activity;sid:84565010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701905)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701905/; classtype:trojan-activity;sid:84565005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701906)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701906/; classtype:trojan-activity;sid:84565006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701907/; classtype:trojan-activity;sid:84565007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701900)"; flow:established,from_client; content:"GET"; http_method; content:"/0inst2.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.planner5dl.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701900/; classtype:trojan-activity;sid:84565000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701901/; classtype:trojan-activity;sid:84565001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701902/; classtype:trojan-activity;sid:84565002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701903/; classtype:trojan-activity;sid:84565003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701904/; classtype:trojan-activity;sid:84565004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701896)"; flow:established,from_client; content:"GET"; http_method; content:"/dev_hdd0/tmp/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701896/; classtype:trojan-activity;sid:84564996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701897)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/friendtrophy/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701897/; classtype:trojan-activity;sid:84564997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701898)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/downloader/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701898/; classtype:trojan-activity;sid:84564998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701899)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701899/; classtype:trojan-activity;sid:84564999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701895/; classtype:trojan-activity;sid:84564995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701892)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.219.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701892/; classtype:trojan-activity;sid:84564992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.219.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701893/; classtype:trojan-activity;sid:84564993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701894)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701894/; classtype:trojan-activity;sid:84564994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701890)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5878897896/njtwqnm.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701890/; classtype:trojan-activity;sid:84564990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701891)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701891/; classtype:trojan-activity;sid:84564991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701883/; classtype:trojan-activity;sid:84564983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701884)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701884/; classtype:trojan-activity;sid:84564984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701885/; classtype:trojan-activity;sid:84564985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701886)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/wm_icons/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701886/; classtype:trojan-activity;sid:84564986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701887)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/packages/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701887/; classtype:trojan-activity;sid:84564987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701888)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/wm_res/setup/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701888/; classtype:trojan-activity;sid:84564988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701889/; classtype:trojan-activity;sid:84564989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701882/; classtype:trojan-activity;sid:84564982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701873)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701873/; classtype:trojan-activity;sid:84564973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701874/; classtype:trojan-activity;sid:84564974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701875/; classtype:trojan-activity;sid:84564975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701876)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701876/; classtype:trojan-activity;sid:84564976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701877)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701877/; classtype:trojan-activity;sid:84564977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701878)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701878/; classtype:trojan-activity;sid:84564978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701879)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701879/; classtype:trojan-activity;sid:84564979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701880/; classtype:trojan-activity;sid:84564980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701881/; classtype:trojan-activity;sid:84564981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701868)"; flow:established,from_client; content:"GET"; http_method; content:"/dev_hdd0/tmp/wm_res/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701868/; classtype:trojan-activity;sid:84564968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701869)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701869/; classtype:trojan-activity;sid:84564969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701870)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/wm_combo/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701870/; classtype:trojan-activity;sid:84564970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701871)"; flow:established,from_client; content:"GET"; http_method; content:"/dev_hdd0/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701871/; classtype:trojan-activity;sid:84564971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701872)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/fimcross/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701872/; classtype:trojan-activity;sid:84564972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701867)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.174.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701867/; classtype:trojan-activity;sid:84564967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701863)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5878897896/xhtmjkl.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701863/; classtype:trojan-activity;sid:84564963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701864)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.81.174.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701864/; classtype:trojan-activity;sid:84564964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.174.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701865/; classtype:trojan-activity;sid:84564965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701866)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.174.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701866/; classtype:trojan-activity;sid:84564966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701862)"; flow:established,from_client; content:"GET"; http_method; content:"/m022rj17"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x1.m1dnightr0ad.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701862/; classtype:trojan-activity;sid:84564962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.120.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701861/; classtype:trojan-activity;sid:84564961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.152.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701860/; classtype:trojan-activity;sid:84564960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.148.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701859/; classtype:trojan-activity;sid:84564959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701858)"; flow:established,from_client; content:"GET"; http_method; content:"/mkq8r6cc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mica.frostwilder.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701858/; classtype:trojan-activity;sid:84564958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.143.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701857/; classtype:trojan-activity;sid:84564957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.206.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701856/; classtype:trojan-activity;sid:84564956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.192.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701855/; classtype:trojan-activity;sid:84564955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701854)"; flow:established,from_client; content:"GET"; http_method; content:"/cn13k9jy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bh.frostwilder.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701854/; classtype:trojan-activity;sid:84564954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701853)"; flow:established,from_client; content:"GET"; http_method; content:"/ouxqzymx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0i.frostwilder.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701853/; classtype:trojan-activity;sid:84564953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701852/; classtype:trojan-activity;sid:84564952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.7.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701851/; classtype:trojan-activity;sid:84564951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701850)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1824233174/xqqtmnd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701850/; classtype:trojan-activity;sid:84564950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.11.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701849/; classtype:trojan-activity;sid:84564949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.197.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701848/; classtype:trojan-activity;sid:84564948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.206.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701847/; classtype:trojan-activity;sid:84564947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701846)"; flow:established,from_client; content:"GET"; http_method; content:"/get26q7f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolke.oakensiegel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701846/; classtype:trojan-activity;sid:84564946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.240.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701845/; classtype:trojan-activity;sid:84564945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701844)"; flow:established,from_client; content:"GET"; http_method; content:"/1pohs3v1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rune.oakensiegel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701844/; classtype:trojan-activity;sid:84564944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.129.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701843/; classtype:trojan-activity;sid:84564943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701842/; classtype:trojan-activity;sid:84564942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.150.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701841/; classtype:trojan-activity;sid:84564941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701840)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1824233174/8krvsf8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701840/; classtype:trojan-activity;sid:84564940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.197.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701839/; classtype:trojan-activity;sid:84564939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.129.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701838/; classtype:trojan-activity;sid:84564938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701837)"; flow:established,from_client; content:"GET"; http_method; content:"/udrcirhv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"licht.argonbucht.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701837/; classtype:trojan-activity;sid:84564937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.35.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701836/; classtype:trojan-activity;sid:84564936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.69.84.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701835/; classtype:trojan-activity;sid:84564935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.84.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701834/; classtype:trojan-activity;sid:84564934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701833/; classtype:trojan-activity;sid:84564933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701832)"; flow:established,from_client; content:"GET"; http_method; content:"/l18islyr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tau.ibexweald.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701832/; classtype:trojan-activity;sid:84564932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.165.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701831/; classtype:trojan-activity;sid:84564931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.234.246.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701830/; classtype:trojan-activity;sid:84564930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.35.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701829/; classtype:trojan-activity;sid:84564929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.69.84.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701828/; classtype:trojan-activity;sid:84564928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.239.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701827/; classtype:trojan-activity;sid:84564927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701826/; classtype:trojan-activity;sid:84564926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701825)"; flow:established,from_client; content:"GET"; http_method; content:"/6xqboma8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eiche.ibexweald.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701825/; classtype:trojan-activity;sid:84564925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.49.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701824/; classtype:trojan-activity;sid:84564924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701823/; classtype:trojan-activity;sid:84564923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701822)"; flow:established,from_client; content:"GET"; http_method; content:"/z0niyxqt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grat.dovemantel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701822/; classtype:trojan-activity;sid:84564922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701821/; classtype:trojan-activity;sid:84564921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701820/; classtype:trojan-activity;sid:84564920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701819)"; flow:established,from_client; content:"GET"; http_method; content:"/0agyimw7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hafen.dovemantel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701819/; classtype:trojan-activity;sid:84564919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.5.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701818/; classtype:trojan-activity;sid:84564918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.172.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701817/; classtype:trojan-activity;sid:84564917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701816/; classtype:trojan-activity;sid:84564916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701815)"; flow:established,from_client; content:"GET"; http_method; content:"/wshff1b3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pfad.elmquarry.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701815/; classtype:trojan-activity;sid:84564915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.211.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701814/; classtype:trojan-activity;sid:84564914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.230.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701813/; classtype:trojan-activity;sid:84564913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701812/; classtype:trojan-activity;sid:84564912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.155.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701811/; classtype:trojan-activity;sid:84564911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701810/; classtype:trojan-activity;sid:84564910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701809)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701809/; classtype:trojan-activity;sid:84564909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701808)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701808/; classtype:trojan-activity;sid:84564908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701806)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701806/; classtype:trojan-activity;sid:84564906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701807)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701807/; classtype:trojan-activity;sid:84564907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701805)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701805/; classtype:trojan-activity;sid:84564905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701801)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701801/; classtype:trojan-activity;sid:84564901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701802)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701802/; classtype:trojan-activity;sid:84564902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701803)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701803/; classtype:trojan-activity;sid:84564903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701804)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701804/; classtype:trojan-activity;sid:84564904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701800)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701800/; classtype:trojan-activity;sid:84564900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701798)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701798/; classtype:trojan-activity;sid:84564898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701799)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701799/; classtype:trojan-activity;sid:84564899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.5.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701797/; classtype:trojan-activity;sid:84564897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.172.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701796/; classtype:trojan-activity;sid:84564896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.71.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701795/; classtype:trojan-activity;sid:84564895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701794/; classtype:trojan-activity;sid:84564894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.47.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701793/; classtype:trojan-activity;sid:84564893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.71.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701792/; classtype:trojan-activity;sid:84564892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.248.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701791/; classtype:trojan-activity;sid:84564891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.103.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701790/; classtype:trojan-activity;sid:84564890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701789)"; flow:established,from_client; content:"GET"; http_method; content:"/n8toawpq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleam.xenonridge.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701789/; classtype:trojan-activity;sid:84564889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701788)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/stwhchoj.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.135.194.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701788/; classtype:trojan-activity;sid:84564888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701787/; classtype:trojan-activity;sid:84564887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701786)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/jmnnu0h.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701786/; classtype:trojan-activity;sid:84564886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701785/; classtype:trojan-activity;sid:84564885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.248.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701783/; classtype:trojan-activity;sid:84564883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.47.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701784/; classtype:trojan-activity;sid:84564884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.244.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701782/; classtype:trojan-activity;sid:84564882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.84.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701781/; classtype:trojan-activity;sid:84564881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.230.164.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701780/; classtype:trojan-activity;sid:84564880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701779)"; flow:established,from_client; content:"GET"; http_method; content:"/cqpxc0a8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"birch.sparrowdock.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701779/; classtype:trojan-activity;sid:84564879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.190.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701778/; classtype:trojan-activity;sid:84564878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.23.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701777/; classtype:trojan-activity;sid:84564877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701776)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/9t3d4g8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701776/; classtype:trojan-activity;sid:84564876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.190.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701775/; classtype:trojan-activity;sid:84564875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.211.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701774/; classtype:trojan-activity;sid:84564874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.212.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701773/; classtype:trojan-activity;sid:84564873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.171.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701772/; classtype:trojan-activity;sid:84564872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701771)"; flow:established,from_client; content:"GET"; http_method; content:"/y5yjvkgq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.anvilklee.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701771/; classtype:trojan-activity;sid:84564871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.79.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701770/; classtype:trojan-activity;sid:84564870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.77.46.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701769/; classtype:trojan-activity;sid:84564869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701768)"; flow:established,from_client; content:"GET"; http_method; content:"/9cpxz7af"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stein.anvilklee.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701768/; classtype:trojan-activity;sid:84564868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.173.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701767/; classtype:trojan-activity;sid:84564867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.171.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701766/; classtype:trojan-activity;sid:84564866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.252.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701765/; classtype:trojan-activity;sid:84564865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701764/; classtype:trojan-activity;sid:84564864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701763/; classtype:trojan-activity;sid:84564863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.102.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701762/; classtype:trojan-activity;sid:84564862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.6.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701761/; classtype:trojan-activity;sid:84564861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.231.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701760/; classtype:trojan-activity;sid:84564860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.239.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701759/; classtype:trojan-activity;sid:84564859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.72.238.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701758/; classtype:trojan-activity;sid:84564858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.84.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701757/; classtype:trojan-activity;sid:84564857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701756/; classtype:trojan-activity;sid:84564856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701755)"; flow:established,from_client; content:"GET"; http_method; content:"/eyo212ig"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.sageufer.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701755/; classtype:trojan-activity;sid:84564855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.144.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701754/; classtype:trojan-activity;sid:84564854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701753/; classtype:trojan-activity;sid:84564853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701752/; classtype:trojan-activity;sid:84564852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.243.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701750/; classtype:trojan-activity;sid:84564850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.138.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701751/; classtype:trojan-activity;sid:84564851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.239.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701749/; classtype:trojan-activity;sid:84564849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.231.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701748/; classtype:trojan-activity;sid:84564848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.40.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701747/; classtype:trojan-activity;sid:84564847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.255.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701746/; classtype:trojan-activity;sid:84564846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.6.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701745/; classtype:trojan-activity;sid:84564845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701744)"; flow:established,from_client; content:"GET"; http_method; content:"/k12k6y5g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bach.echohang.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701744/; classtype:trojan-activity;sid:84564844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.81.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701743/; classtype:trojan-activity;sid:84564843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.84.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701742/; classtype:trojan-activity;sid:84564842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.144.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701741/; classtype:trojan-activity;sid:84564841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.243.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701740/; classtype:trojan-activity;sid:84564840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701739)"; flow:established,from_client; content:"GET"; http_method; content:"/wo2ppa90"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"krone.echohang.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701739/; classtype:trojan-activity;sid:84564839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.49.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701738/; classtype:trojan-activity;sid:84564838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.252.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701737/; classtype:trojan-activity;sid:84564837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701736/; classtype:trojan-activity;sid:84564836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.87.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701735/; classtype:trojan-activity;sid:84564835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701734/; classtype:trojan-activity;sid:84564834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701733/; classtype:trojan-activity;sid:84564833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701732)"; flow:established,from_client; content:"GET"; http_method; content:"/sp9z9jug"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.shadowtal.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701732/; classtype:trojan-activity;sid:84564832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701731)"; flow:established,from_client; content:"GET"; http_method; content:"/files/814870813/8acq1rp.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701731/; classtype:trojan-activity;sid:84564831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701730/; classtype:trojan-activity;sid:84564830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.54.95.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701728/; classtype:trojan-activity;sid:84564828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.9.223"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701729/; classtype:trojan-activity;sid:84564829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.87.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701727/; classtype:trojan-activity;sid:84564827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701726/; classtype:trojan-activity;sid:84564826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701725/; classtype:trojan-activity;sid:84564825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701724/; classtype:trojan-activity;sid:84564824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701723/; classtype:trojan-activity;sid:84564823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.166.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701722/; classtype:trojan-activity;sid:84564822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701721/; classtype:trojan-activity;sid:84564821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701720)"; flow:established,from_client; content:"GET"; http_method; content:"/iypwyz0g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grat.crimsonwald.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701720/; classtype:trojan-activity;sid:84564820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.197.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701719/; classtype:trojan-activity;sid:84564819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.38.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701718/; classtype:trojan-activity;sid:84564818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.198.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701717/; classtype:trojan-activity;sid:84564817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701716/; classtype:trojan-activity;sid:84564816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701715)"; flow:established,from_client; content:"GET"; http_method; content:"/pp4fjj40"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eis.crimsonwald.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701715/; classtype:trojan-activity;sid:84564815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701714/; classtype:trojan-activity;sid:84564814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.21.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701713/; classtype:trojan-activity;sid:84564813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701712)"; flow:established,from_client; content:"GET"; http_method; content:"/v89mbh4d"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stern.quartzhain.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701712/; classtype:trojan-activity;sid:84564812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701711)"; flow:established,from_client; content:"GET"; http_method; content:"/g1bam104"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eiche.quartzhain.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701711/; classtype:trojan-activity;sid:84564811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.46.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701710/; classtype:trojan-activity;sid:84564810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.166.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701709/; classtype:trojan-activity;sid:84564809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.197.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701708/; classtype:trojan-activity;sid:84564808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701707/; classtype:trojan-activity;sid:84564807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.79.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701705/; classtype:trojan-activity;sid:84564805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.38.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701706/; classtype:trojan-activity;sid:84564806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701704)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck/niggaheeee"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.183.233.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701704/; classtype:trojan-activity;sid:84564804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701703)"; flow:established,from_client; content:"GET"; http_method; content:"/yag7fmw3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moos.granitebach.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701703/; classtype:trojan-activity;sid:84564803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701702/; classtype:trojan-activity;sid:84564802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701701)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6041505593/g67dndl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701701/; classtype:trojan-activity;sid:84564801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.123.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701700/; classtype:trojan-activity;sid:84564800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701699/; classtype:trojan-activity;sid:84564799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.79.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701698/; classtype:trojan-activity;sid:84564798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701697/; classtype:trojan-activity;sid:84564797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.181.224.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701696/; classtype:trojan-activity;sid:84564796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701695/; classtype:trojan-activity;sid:84564795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701694/; classtype:trojan-activity;sid:84564794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701693/; classtype:trojan-activity;sid:84564793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.123.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701692/; classtype:trojan-activity;sid:84564792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.34.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701691/; classtype:trojan-activity;sid:84564791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701690)"; flow:established,from_client; content:"GET"; http_method; content:"/150ga0po"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wald.copperhang.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701690/; classtype:trojan-activity;sid:84564790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701688)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701688/; classtype:trojan-activity;sid:84564788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701689)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701689/; classtype:trojan-activity;sid:84564789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.55.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701687/; classtype:trojan-activity;sid:84564787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701678)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701678/; classtype:trojan-activity;sid:84564778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701679)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701679/; classtype:trojan-activity;sid:84564779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701680)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701680/; classtype:trojan-activity;sid:84564780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701681)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701681/; classtype:trojan-activity;sid:84564781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701682)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701682/; classtype:trojan-activity;sid:84564782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701683)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701683/; classtype:trojan-activity;sid:84564783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701684)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701684/; classtype:trojan-activity;sid:84564784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701685)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701685/; classtype:trojan-activity;sid:84564785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701686)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701686/; classtype:trojan-activity;sid:84564786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701677)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701677/; classtype:trojan-activity;sid:84564777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.8.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701676/; classtype:trojan-activity;sid:84564776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.108.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701675/; classtype:trojan-activity;sid:84564775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701674/; classtype:trojan-activity;sid:84564774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.43.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701673/; classtype:trojan-activity;sid:84564773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.43.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701672/; classtype:trojan-activity;sid:84564772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701671)"; flow:established,from_client; content:"GET"; http_method; content:"/jtbse73f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tau.steelpfad.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701671/; classtype:trojan-activity;sid:84564771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.55.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701670/; classtype:trojan-activity;sid:84564770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701669/; classtype:trojan-activity;sid:84564769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.152.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701668/; classtype:trojan-activity;sid:84564768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701667/; classtype:trojan-activity;sid:84564767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.129.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701666/; classtype:trojan-activity;sid:84564766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701665)"; flow:established,from_client; content:"GET"; http_method; content:"/files/814870813/i81fwxp.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701665/; classtype:trojan-activity;sid:84564765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.108.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701664/; classtype:trojan-activity;sid:84564764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701663)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1907797257/6budm0j.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701663/; classtype:trojan-activity;sid:84564763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.245.232.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701662/; classtype:trojan-activity;sid:84564762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701661/; classtype:trojan-activity;sid:84564761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701660)"; flow:established,from_client; content:"GET"; http_method; content:"/8jk7wznu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleis.atlasufer.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701660/; classtype:trojan-activity;sid:84564760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.129.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701659/; classtype:trojan-activity;sid:84564759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.34.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701658/; classtype:trojan-activity;sid:84564758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.42.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701657/; classtype:trojan-activity;sid:84564757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701656/; classtype:trojan-activity;sid:84564756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.8.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701655/; classtype:trojan-activity;sid:84564755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701654)"; flow:established,from_client; content:"GET"; http_method; content:"/u2k5ic6a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.atlasufer.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701654/; classtype:trojan-activity;sid:84564754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.245.232.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701653/; classtype:trojan-activity;sid:84564753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701652/; classtype:trojan-activity;sid:84564752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701651/; classtype:trojan-activity;sid:84564751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701647)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"221.14.182.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701647/; classtype:trojan-activity;sid:84564747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701648)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"207.148.70.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701648/; classtype:trojan-activity;sid:84564748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701649)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.76.158.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701649/; classtype:trojan-activity;sid:84564749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701650)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.244.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701650/; classtype:trojan-activity;sid:84564750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.133.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701646/; classtype:trojan-activity;sid:84564746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.80.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701645/; classtype:trojan-activity;sid:84564745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701644)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.105.137.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701644/; classtype:trojan-activity;sid:84564744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.192.98.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701642/; classtype:trojan-activity;sid:84564742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.53.28.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701643/; classtype:trojan-activity;sid:84564743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701628/; classtype:trojan-activity;sid:84564728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.226.235.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701629/; classtype:trojan-activity;sid:84564729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.6.64.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701630/; classtype:trojan-activity;sid:84564730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.192.215.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701631/; classtype:trojan-activity;sid:84564731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.43.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701632/; classtype:trojan-activity;sid:84564732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.180.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701633/; classtype:trojan-activity;sid:84564733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.121.142.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701634/; classtype:trojan-activity;sid:84564734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.135.91.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701635/; classtype:trojan-activity;sid:84564735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.44.110.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701636/; classtype:trojan-activity;sid:84564736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701637)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.212.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701637/; classtype:trojan-activity;sid:84564737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701638/; classtype:trojan-activity;sid:84564738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.191.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701639/; classtype:trojan-activity;sid:84564739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.160.65.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701640/; classtype:trojan-activity;sid:84564740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.104.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701641/; classtype:trojan-activity;sid:84564741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701626)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.41.157.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701626/; classtype:trojan-activity;sid:84564726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.30.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701627/; classtype:trojan-activity;sid:84564727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.130.197.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701625/; classtype:trojan-activity;sid:84564725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.154.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701624/; classtype:trojan-activity;sid:84564724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.27.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701623/; classtype:trojan-activity;sid:84564723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701622)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.154.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701622/; classtype:trojan-activity;sid:84564722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701621/; classtype:trojan-activity;sid:84564721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701620)"; flow:established,from_client; content:"GET"; http_method; content:"/sr7a1ojn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"birch.orionfeld.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701620/; classtype:trojan-activity;sid:84564720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.42.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701619/; classtype:trojan-activity;sid:84564719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.155.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701617/; classtype:trojan-activity;sid:84564717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701618/; classtype:trojan-activity;sid:84564718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.53.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701616/; classtype:trojan-activity;sid:84564716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701615)"; flow:established,from_client; content:"GET"; http_method; content:"/77frnq0r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"klee.orionfeld.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701615/; classtype:trojan-activity;sid:84564715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701614)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.78.220.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701614/; classtype:trojan-activity;sid:84564714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701613/; classtype:trojan-activity;sid:84564713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.43.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701611/; classtype:trojan-activity;sid:84564711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.68.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701612/; classtype:trojan-activity;sid:84564712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701610)"; flow:established,from_client; content:"GET"; http_method; content:"/oq3dfpg9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolke.orionfeld.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701610/; classtype:trojan-activity;sid:84564710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.43.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701609/; classtype:trojan-activity;sid:84564709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.49.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701608/; classtype:trojan-activity;sid:84564708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.59.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701607/; classtype:trojan-activity;sid:84564707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.24.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701606/; classtype:trojan-activity;sid:84564706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.19.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701605/; classtype:trojan-activity;sid:84564705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.14.239.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701604/; classtype:trojan-activity;sid:84564704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701603/; classtype:trojan-activity;sid:84564703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.53.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701602/; classtype:trojan-activity;sid:84564702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.10.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701601/; classtype:trojan-activity;sid:84564701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.247.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701600/; classtype:trojan-activity;sid:84564700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.43.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701599/; classtype:trojan-activity;sid:84564699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.39.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701597/; classtype:trojan-activity;sid:84564697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.68.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701598/; classtype:trojan-activity;sid:84564698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701596)"; flow:established,from_client; content:"GET"; http_method; content:"/ylwkt6gu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fern.br-1-ar-wild.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701596/; classtype:trojan-activity;sid:84564696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.152.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701595/; classtype:trojan-activity;sid:84564695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.117.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701594/; classtype:trojan-activity;sid:84564694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701593)"; flow:established,from_client; content:"GET"; http_method; content:"/wyo4hrct"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ax.m0onforger.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701593/; classtype:trojan-activity;sid:84564693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.14.239.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701592/; classtype:trojan-activity;sid:84564692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.247.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701591/; classtype:trojan-activity;sid:84564691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701590)"; flow:established,from_client; content:"GET"; http_method; content:"/mdrqetdh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lbgxn.m0onforger.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701590/; classtype:trojan-activity;sid:84564690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701589/; classtype:trojan-activity;sid:84564689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701588/; classtype:trojan-activity;sid:84564688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701587/; classtype:trojan-activity;sid:84564687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.39.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701586/; classtype:trojan-activity;sid:84564686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.246.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701585/; classtype:trojan-activity;sid:84564685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.247.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701584/; classtype:trojan-activity;sid:84564684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701583/; classtype:trojan-activity;sid:84564683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.186.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701582/; classtype:trojan-activity;sid:84564682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701581)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7832120325/upcye86.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701581/; classtype:trojan-activity;sid:84564681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701580)"; flow:established,from_client; content:"GET"; http_method; content:"/sai4qosy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hover4.ember-trail.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701580/; classtype:trojan-activity;sid:84564680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.226.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701579/; classtype:trojan-activity;sid:84564679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.95.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701578/; classtype:trojan-activity;sid:84564678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.205.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701577/; classtype:trojan-activity;sid:84564677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701576)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7832120325/8qjxnry.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701576/; classtype:trojan-activity;sid:84564676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701575)"; flow:established,from_client; content:"GET"; http_method; content:"/el6c4gib"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gl.ember-trail.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701575/; classtype:trojan-activity;sid:84564675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.49.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701574/; classtype:trojan-activity;sid:84564674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.246.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701573/; classtype:trojan-activity;sid:84564673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701572)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7633139978/zqq8qwm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701572/; classtype:trojan-activity;sid:84564672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701571)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5953678887/33sqiso.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701571/; classtype:trojan-activity;sid:84564671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701570/; classtype:trojan-activity;sid:84564670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.154.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701569/; classtype:trojan-activity;sid:84564669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701568/; classtype:trojan-activity;sid:84564668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.152.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701567/; classtype:trojan-activity;sid:84564667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.95.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701566/; classtype:trojan-activity;sid:84564666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.152.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701565/; classtype:trojan-activity;sid:84564665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.154.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701564/; classtype:trojan-activity;sid:84564664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701563/; classtype:trojan-activity;sid:84564663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.11.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701562/; classtype:trojan-activity;sid:84564662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701561)"; flow:established,from_client; content:"GET"; http_method; content:"/rh1dhu5k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mto.gi-0-wmarsh.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701561/; classtype:trojan-activity;sid:84564661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.164.198.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701560/; classtype:trojan-activity;sid:84564660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701559)"; flow:established,from_client; content:"GET"; http_method; content:"/s3g96o43"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6gx.gi-0-wmarsh.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701559/; classtype:trojan-activity;sid:84564659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.179.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701558/; classtype:trojan-activity;sid:84564658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.11.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701557/; classtype:trojan-activity;sid:84564657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.39.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701556/; classtype:trojan-activity;sid:84564656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701555)"; flow:established,from_client; content:"GET"; http_method; content:"/1bmpaqes"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hfcv.gi-0-wmarsh.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701555/; classtype:trojan-activity;sid:84564655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.167.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701554/; classtype:trojan-activity;sid:84564654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.164.198.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701553/; classtype:trojan-activity;sid:84564653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701552/; classtype:trojan-activity;sid:84564652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.167.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701551/; classtype:trojan-activity;sid:84564651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.39.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701550/; classtype:trojan-activity;sid:84564650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.21.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701549/; classtype:trojan-activity;sid:84564649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.226.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701548/; classtype:trojan-activity;sid:84564648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.246.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701547/; classtype:trojan-activity;sid:84564647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701546/; classtype:trojan-activity;sid:84564646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.172.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701545/; classtype:trojan-activity;sid:84564645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.155.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701544/; classtype:trojan-activity;sid:84564644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701543)"; flow:established,from_client; content:"GET"; http_method; content:"/b7ybvp9i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"drift.gi0wmarsh.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701543/; classtype:trojan-activity;sid:84564643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.226.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701542/; classtype:trojan-activity;sid:84564642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701541/; classtype:trojan-activity;sid:84564641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.183.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701540/; classtype:trojan-activity;sid:84564640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.117.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701539/; classtype:trojan-activity;sid:84564639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.155.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701538/; classtype:trojan-activity;sid:84564638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.118.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701537/; classtype:trojan-activity;sid:84564637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701536/; classtype:trojan-activity;sid:84564636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.65.145.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701535/; classtype:trojan-activity;sid:84564635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701534/; classtype:trojan-activity;sid:84564634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701532/; classtype:trojan-activity;sid:84564632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.29.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701533/; classtype:trojan-activity;sid:84564633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.157.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701531/; classtype:trojan-activity;sid:84564631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701530/; classtype:trojan-activity;sid:84564630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.164.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701529/; classtype:trojan-activity;sid:84564629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.244.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701528/; classtype:trojan-activity;sid:84564628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701527/; classtype:trojan-activity;sid:84564627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701526)"; flow:established,from_client; content:"GET"; http_method; content:"/jxm7ua1p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spark.m-0-on-forger.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701526/; classtype:trojan-activity;sid:84564626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.18.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701525/; classtype:trojan-activity;sid:84564625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.186.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701524/; classtype:trojan-activity;sid:84564624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701523/; classtype:trojan-activity;sid:84564623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.171.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701522/; classtype:trojan-activity;sid:84564622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701521)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701521/; classtype:trojan-activity;sid:84564621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.215.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701520/; classtype:trojan-activity;sid:84564620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.186.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701519/; classtype:trojan-activity;sid:84564619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.66.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701518/; classtype:trojan-activity;sid:84564618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701517)"; flow:established,from_client; content:"GET"; http_method; content:"/aud40gyy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dhy.wind-barrow.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701517/; classtype:trojan-activity;sid:84564617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701516)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701516/; classtype:trojan-activity;sid:84564616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701515)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.203.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701515/; classtype:trojan-activity;sid:84564615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701514)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701514/; classtype:trojan-activity;sid:84564614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701513)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701513/; classtype:trojan-activity;sid:84564613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701512)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701512/; classtype:trojan-activity;sid:84564612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701511)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701511/; classtype:trojan-activity;sid:84564611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701510)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701510/; classtype:trojan-activity;sid:84564610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701509)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701509/; classtype:trojan-activity;sid:84564609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701508)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701508/; classtype:trojan-activity;sid:84564608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701506)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.118.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701506/; classtype:trojan-activity;sid:84564606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701507)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.118.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701507/; classtype:trojan-activity;sid:84564607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701505)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701505/; classtype:trojan-activity;sid:84564605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701504)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701504/; classtype:trojan-activity;sid:84564604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701503)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701503/; classtype:trojan-activity;sid:84564603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701502)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701502/; classtype:trojan-activity;sid:84564602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701500)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701500/; classtype:trojan-activity;sid:84564600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701501/; classtype:trojan-activity;sid:84564601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701497)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701497/; classtype:trojan-activity;sid:84564597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701498)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701498/; classtype:trojan-activity;sid:84564598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701499)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701499/; classtype:trojan-activity;sid:84564599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701496)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701496/; classtype:trojan-activity;sid:84564596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701494)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701494/; classtype:trojan-activity;sid:84564594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701495)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701495/; classtype:trojan-activity;sid:84564595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701492)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701492/; classtype:trojan-activity;sid:84564592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701493/; classtype:trojan-activity;sid:84564593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701491)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701491/; classtype:trojan-activity;sid:84564591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701490)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701490/; classtype:trojan-activity;sid:84564590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701488/; classtype:trojan-activity;sid:84564588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701489)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701489/; classtype:trojan-activity;sid:84564589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701485)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701485/; classtype:trojan-activity;sid:84564585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701486)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701486/; classtype:trojan-activity;sid:84564586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701487)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701487/; classtype:trojan-activity;sid:84564587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701484)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701484/; classtype:trojan-activity;sid:84564584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701483)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701483/; classtype:trojan-activity;sid:84564583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701480)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701480/; classtype:trojan-activity;sid:84564580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701481)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701481/; classtype:trojan-activity;sid:84564581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701482)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701482/; classtype:trojan-activity;sid:84564582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701479)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.119.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701479/; classtype:trojan-activity;sid:84564579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701477)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.54.226.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701477/; classtype:trojan-activity;sid:84564577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701478)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.54.226.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701478/; classtype:trojan-activity;sid:84564578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701475)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701475/; classtype:trojan-activity;sid:84564575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701476)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701476/; classtype:trojan-activity;sid:84564576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701474)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.167.253.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701474/; classtype:trojan-activity;sid:84564574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701473)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701473/; classtype:trojan-activity;sid:84564573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701470)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701470/; classtype:trojan-activity;sid:84564570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701471)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.78.220.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701471/; classtype:trojan-activity;sid:84564571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701472)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701472/; classtype:trojan-activity;sid:84564572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701467)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701467/; classtype:trojan-activity;sid:84564567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701468)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701468/; classtype:trojan-activity;sid:84564568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701469)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701469/; classtype:trojan-activity;sid:84564569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701462/; classtype:trojan-activity;sid:84564562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701463)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701463/; classtype:trojan-activity;sid:84564563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701464)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701464/; classtype:trojan-activity;sid:84564564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701465)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701465/; classtype:trojan-activity;sid:84564565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701466)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701466/; classtype:trojan-activity;sid:84564566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701461)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701461/; classtype:trojan-activity;sid:84564561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701455)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701455/; classtype:trojan-activity;sid:84564555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701456)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701456/; classtype:trojan-activity;sid:84564556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701457)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701457/; classtype:trojan-activity;sid:84564557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701458)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701458/; classtype:trojan-activity;sid:84564558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701459)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701459/; classtype:trojan-activity;sid:84564559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701460)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701460/; classtype:trojan-activity;sid:84564560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701449)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701449/; classtype:trojan-activity;sid:84564549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701450)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701450/; classtype:trojan-activity;sid:84564550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701451)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701451/; classtype:trojan-activity;sid:84564551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701452)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701452/; classtype:trojan-activity;sid:84564552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701453)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701453/; classtype:trojan-activity;sid:84564553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701454)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701454/; classtype:trojan-activity;sid:84564554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.164.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701448/; classtype:trojan-activity;sid:84564548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.86.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701447/; classtype:trojan-activity;sid:84564547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.30.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701446/; classtype:trojan-activity;sid:84564546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701445/; classtype:trojan-activity;sid:84564545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701444)"; flow:established,from_client; content:"GET"; http_method; content:"/wuryoi9f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hu.storm-harrow.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701444/; classtype:trojan-activity;sid:84564544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.171.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701443/; classtype:trojan-activity;sid:84564543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.7.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701442/; classtype:trojan-activity;sid:84564542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.86.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701441/; classtype:trojan-activity;sid:84564541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701440/; classtype:trojan-activity;sid:84564540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.159.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701439/; classtype:trojan-activity;sid:84564539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701438)"; flow:established,from_client; content:"GET"; http_method; content:"/o2fiy6dw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uirs.br1arwild.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701438/; classtype:trojan-activity;sid:84564538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701437)"; flow:established,from_client; content:"GET"; http_method; content:"/ryh38yv2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bloom.br1arwild.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701437/; classtype:trojan-activity;sid:84564537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701436)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701436/; classtype:trojan-activity;sid:84564536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701435)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701435/; classtype:trojan-activity;sid:84564535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701434)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/12/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701434/; classtype:trojan-activity;sid:84564534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701433)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701433/; classtype:trojan-activity;sid:84564533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701432)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/09/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701432/; classtype:trojan-activity;sid:84564532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701431/; classtype:trojan-activity;sid:84564531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701427)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/01/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701427/; classtype:trojan-activity;sid:84564527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701428)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701428/; classtype:trojan-activity;sid:84564528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701429)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/03/27/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701429/; classtype:trojan-activity;sid:84564529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701430)"; flow:established,from_client; content:"GET"; http_method; content:"/eyebeam%201.5/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701430/; classtype:trojan-activity;sid:84564530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701424)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/03/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701424/; classtype:trojan-activity;sid:84564524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701425)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701425/; classtype:trojan-activity;sid:84564525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701426)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701426/; classtype:trojan-activity;sid:84564526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701420/; classtype:trojan-activity;sid:84564520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701421)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701421/; classtype:trojan-activity;sid:84564521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701422)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701422/; classtype:trojan-activity;sid:84564522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701423)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/10/28/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701423/; classtype:trojan-activity;sid:84564523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701416)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701416/; classtype:trojan-activity;sid:84564516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701417)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701417/; classtype:trojan-activity;sid:84564517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701418)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701418/; classtype:trojan-activity;sid:84564518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701419)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701419/; classtype:trojan-activity;sid:84564519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701411)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701411/; classtype:trojan-activity;sid:84564511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701412)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/12/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701412/; classtype:trojan-activity;sid:84564512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701413)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701413/; classtype:trojan-activity;sid:84564513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701414)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/07/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701414/; classtype:trojan-activity;sid:84564514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701415)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701415/; classtype:trojan-activity;sid:84564515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701407)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/11/13/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701407/; classtype:trojan-activity;sid:84564507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701408)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701408/; classtype:trojan-activity;sid:84564508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701409)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701409/; classtype:trojan-activity;sid:84564509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701410)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701410/; classtype:trojan-activity;sid:84564510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701404)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/10/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701404/; classtype:trojan-activity;sid:84564504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701405)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701405/; classtype:trojan-activity;sid:84564505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701406)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/04/29/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701406/; classtype:trojan-activity;sid:84564506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701398)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701398/; classtype:trojan-activity;sid:84564498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701399)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701399/; classtype:trojan-activity;sid:84564499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701400)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/11/04/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701400/; classtype:trojan-activity;sid:84564500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701401)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/10/29/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701401/; classtype:trojan-activity;sid:84564501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701402)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701402/; classtype:trojan-activity;sid:84564502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701403)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701403/; classtype:trojan-activity;sid:84564503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701395)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701395/; classtype:trojan-activity;sid:84564495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701396)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701396/; classtype:trojan-activity;sid:84564496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701397)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701397/; classtype:trojan-activity;sid:84564497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701392)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701392/; classtype:trojan-activity;sid:84564492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701393)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701393/; classtype:trojan-activity;sid:84564493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701394)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701394/; classtype:trojan-activity;sid:84564494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701390)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701390/; classtype:trojan-activity;sid:84564490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701391)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701391/; classtype:trojan-activity;sid:84564491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701389)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701389/; classtype:trojan-activity;sid:84564489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701384)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701384/; classtype:trojan-activity;sid:84564484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701385)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701385/; classtype:trojan-activity;sid:84564485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701386)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701386/; classtype:trojan-activity;sid:84564486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701387)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701387/; classtype:trojan-activity;sid:84564487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701388)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701388/; classtype:trojan-activity;sid:84564488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701381)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701381/; classtype:trojan-activity;sid:84564481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701382)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701382/; classtype:trojan-activity;sid:84564482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701383)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701383/; classtype:trojan-activity;sid:84564483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701377)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701377/; classtype:trojan-activity;sid:84564477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701378)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/video.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701378/; classtype:trojan-activity;sid:84564478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701379)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701379/; classtype:trojan-activity;sid:84564479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701380)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701380/; classtype:trojan-activity;sid:84564480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701376)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701376/; classtype:trojan-activity;sid:84564476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701375)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701375/; classtype:trojan-activity;sid:84564475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701374)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.28.204.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701374/; classtype:trojan-activity;sid:84564474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701373)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701373/; classtype:trojan-activity;sid:84564473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701372)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701372/; classtype:trojan-activity;sid:84564472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701368)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701368/; classtype:trojan-activity;sid:84564468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701369)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701369/; classtype:trojan-activity;sid:84564469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701370)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701370/; classtype:trojan-activity;sid:84564470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701371)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701371/; classtype:trojan-activity;sid:84564471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701367)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.249.12.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701367/; classtype:trojan-activity;sid:84564467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701366)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701366/; classtype:trojan-activity;sid:84564466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701363)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.114.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701363/; classtype:trojan-activity;sid:84564463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701364)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701364/; classtype:trojan-activity;sid:84564464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701365/; classtype:trojan-activity;sid:84564465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701360)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.89.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701360/; classtype:trojan-activity;sid:84564460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701361)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.249.12.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701361/; classtype:trojan-activity;sid:84564461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701362)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701362/; classtype:trojan-activity;sid:84564462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701358)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.12.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701358/; classtype:trojan-activity;sid:84564458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701359)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701359/; classtype:trojan-activity;sid:84564459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.170.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701356/; classtype:trojan-activity;sid:84564456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701357)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701357/; classtype:trojan-activity;sid:84564457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701354)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701354/; classtype:trojan-activity;sid:84564454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701351/; classtype:trojan-activity;sid:84564451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701348)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.158.4.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701348/; classtype:trojan-activity;sid:84564448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701333)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701333/; classtype:trojan-activity;sid:84564433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701332)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701332/; classtype:trojan-activity;sid:84564432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701329/; classtype:trojan-activity;sid:84564429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701330)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.249.2.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701330/; classtype:trojan-activity;sid:84564430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701331)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.236.129.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701331/; classtype:trojan-activity;sid:84564431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701328)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701328/; classtype:trojan-activity;sid:84564428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701326/; classtype:trojan-activity;sid:84564426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.2.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701327/; classtype:trojan-activity;sid:84564427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701325)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701325/; classtype:trojan-activity;sid:84564425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701323)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701323/; classtype:trojan-activity;sid:84564423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701324)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701324/; classtype:trojan-activity;sid:84564424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701318/; classtype:trojan-activity;sid:84564418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701319)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701319/; classtype:trojan-activity;sid:84564419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701320)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701320/; classtype:trojan-activity;sid:84564420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701321)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701321/; classtype:trojan-activity;sid:84564421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701322)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701322/; classtype:trojan-activity;sid:84564422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701316)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701316/; classtype:trojan-activity;sid:84564416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701317)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701317/; classtype:trojan-activity;sid:84564417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.49.211.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701305/; classtype:trojan-activity;sid:84564405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701304)"; flow:established,from_client; content:"GET"; http_method; content:"/8m0ekmn6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"brook.cinderloom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701304/; classtype:trojan-activity;sid:84564404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.59.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701303/; classtype:trojan-activity;sid:84564403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701302)"; flow:established,from_client; content:"GET"; http_method; content:"/cooking.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uploadsfre.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701302/; classtype:trojan-activity;sid:84564402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701301)"; flow:established,from_client; content:"GET"; http_method; content:"/loaad.msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aplikasiikan.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701301/; classtype:trojan-activity;sid:84564401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.106.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701300/; classtype:trojan-activity;sid:84564400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701299)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/thanh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"superfluitymagazine.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701299/; classtype:trojan-activity;sid:84564399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.152.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701298/; classtype:trojan-activity;sid:84564398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701297)"; flow:established,from_client; content:"GET"; http_method; content:"/uydclexb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vale0.cinderloom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701297/; classtype:trojan-activity;sid:84564397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.183.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701296/; classtype:trojan-activity;sid:84564396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.188.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701294/; classtype:trojan-activity;sid:84564394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701295/; classtype:trojan-activity;sid:84564395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.59.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701293/; classtype:trojan-activity;sid:84564393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.106.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701292/; classtype:trojan-activity;sid:84564392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.166.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701291/; classtype:trojan-activity;sid:84564391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.78.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701290/; classtype:trojan-activity;sid:84564390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701289/; classtype:trojan-activity;sid:84564389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701288/; classtype:trojan-activity;sid:84564388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701287)"; flow:established,from_client; content:"GET"; http_method; content:"/1ew6u01v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hover.fr0stciiff.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701287/; classtype:trojan-activity;sid:84564387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.188.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701286/; classtype:trojan-activity;sid:84564386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.198.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701285/; classtype:trojan-activity;sid:84564385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.43.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701284/; classtype:trojan-activity;sid:84564384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.78.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701283/; classtype:trojan-activity;sid:84564383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.236.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701282/; classtype:trojan-activity;sid:84564382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.217.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701281/; classtype:trojan-activity;sid:84564381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701280)"; flow:established,from_client; content:"GET"; http_method; content:"/uvshi5um"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uf6qo.fr0stciiff.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701280/; classtype:trojan-activity;sid:84564380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.199.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701279/; classtype:trojan-activity;sid:84564379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.131.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701277/; classtype:trojan-activity;sid:84564377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701278/; classtype:trojan-activity;sid:84564378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701276)"; flow:established,from_client; content:"GET"; http_method; content:"/k6scvyji"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pwmt.embertrail.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701276/; classtype:trojan-activity;sid:84564376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.180.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701275/; classtype:trojan-activity;sid:84564375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.43.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701274/; classtype:trojan-activity;sid:84564374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.233.58.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701273/; classtype:trojan-activity;sid:84564373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.217.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701272/; classtype:trojan-activity;sid:84564372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.123.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701270/; classtype:trojan-activity;sid:84564370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.94.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701271/; classtype:trojan-activity;sid:84564371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.123.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701269/; classtype:trojan-activity;sid:84564369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.180.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701268/; classtype:trojan-activity;sid:84564368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701267/; classtype:trojan-activity;sid:84564367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701266/; classtype:trojan-activity;sid:84564366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.186.205.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701264/; classtype:trojan-activity;sid:84564364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.120.56.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701265/; classtype:trojan-activity;sid:84564365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.233.58.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701263/; classtype:trojan-activity;sid:84564363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.186.205.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701262/; classtype:trojan-activity;sid:84564362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.18.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701261/; classtype:trojan-activity;sid:84564361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.164.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701260/; classtype:trojan-activity;sid:84564360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.72.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701259/; classtype:trojan-activity;sid:84564359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.157.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701258/; classtype:trojan-activity;sid:84564358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.79.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701257/; classtype:trojan-activity;sid:84564357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.252.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701256/; classtype:trojan-activity;sid:84564356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.52.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701255/; classtype:trojan-activity;sid:84564355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.82.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701254/; classtype:trojan-activity;sid:84564354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.193.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701253/; classtype:trojan-activity;sid:84564353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.126.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701252/; classtype:trojan-activity;sid:84564352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701251)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/nguwqee.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701251/; classtype:trojan-activity;sid:84564351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701250)"; flow:established,from_client; content:"GET"; http_method; content:"/pqkl287h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60w.lake-spry.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701250/; classtype:trojan-activity;sid:84564350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701249/; classtype:trojan-activity;sid:84564349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.79.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701248/; classtype:trojan-activity;sid:84564348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.252.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701247/; classtype:trojan-activity;sid:84564347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701246)"; flow:established,from_client; content:"GET"; http_method; content:"/3ezkyfp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pigb.lake-spry.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701246/; classtype:trojan-activity;sid:84564346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.82.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701245/; classtype:trojan-activity;sid:84564345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.126.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701244/; classtype:trojan-activity;sid:84564344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701243/; classtype:trojan-activity;sid:84564343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701242/; classtype:trojan-activity;sid:84564342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701241/; classtype:trojan-activity;sid:84564341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701240/; classtype:trojan-activity;sid:84564340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.114.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701239/; classtype:trojan-activity;sid:84564339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.100.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701238/; classtype:trojan-activity;sid:84564338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.138.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701237/; classtype:trojan-activity;sid:84564337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.23.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701236/; classtype:trojan-activity;sid:84564336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701235/; classtype:trojan-activity;sid:84564335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.100.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701234/; classtype:trojan-activity;sid:84564334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.100.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701232/; classtype:trojan-activity;sid:84564332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.52.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701233/; classtype:trojan-activity;sid:84564333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701230/; classtype:trojan-activity;sid:84564330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.23.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701231/; classtype:trojan-activity;sid:84564331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.205.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701229/; classtype:trojan-activity;sid:84564329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.20.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701228/; classtype:trojan-activity;sid:84564328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701227/; classtype:trojan-activity;sid:84564327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.114.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701226/; classtype:trojan-activity;sid:84564326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701225/; classtype:trojan-activity;sid:84564325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.100.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701224/; classtype:trojan-activity;sid:84564324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701223)"; flow:established,from_client; content:"GET"; http_method; content:"/58uyyubc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"i6gx6.s0ftfern.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701223/; classtype:trojan-activity;sid:84564323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.182.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701222/; classtype:trojan-activity;sid:84564322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701221/; classtype:trojan-activity;sid:84564321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.91.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701220/; classtype:trojan-activity;sid:84564320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701219)"; flow:established,from_client; content:"GET"; http_method; content:"/a7tko7of"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ib.lakespry.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701219/; classtype:trojan-activity;sid:84564319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701218/; classtype:trojan-activity;sid:84564318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.210.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701217/; classtype:trojan-activity;sid:84564317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701216)"; flow:established,from_client; content:"GET"; http_method; content:"/uc52p22x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r349.lakespry.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701216/; classtype:trojan-activity;sid:84564316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.228.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701215/; classtype:trojan-activity;sid:84564315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.223.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701214/; classtype:trojan-activity;sid:84564314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701213)"; flow:established,from_client; content:"GET"; http_method; content:"/ryc5alxm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gk0.bl1zpond.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701213/; classtype:trojan-activity;sid:84564313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701212/; classtype:trojan-activity;sid:84564312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701211/; classtype:trojan-activity;sid:84564311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.228.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701210/; classtype:trojan-activity;sid:84564310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.202.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701209/; classtype:trojan-activity;sid:84564309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.32.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701208/; classtype:trojan-activity;sid:84564308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701207)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/dgghm5b.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701207/; classtype:trojan-activity;sid:84564307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701206)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsformatxxxxxxxxxxxxxxx.hta"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"107.172.132.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701206/; classtype:trojan-activity;sid:84564306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701205)"; flow:established,from_client; content:"GET"; http_method; content:"/apvjcu9pkxwkumvj/d.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"file.garden"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701205/; classtype:trojan-activity;sid:84564305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701204)"; flow:established,from_client; content:"GET"; http_method; content:"/qxgfzd.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701204/; classtype:trojan-activity;sid:84564304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701203)"; flow:established,from_client; content:"GET"; http_method; content:"/scoto.jpb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701203/; classtype:trojan-activity;sid:84564303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.152.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701202/; classtype:trojan-activity;sid:84564302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.147.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701200/; classtype:trojan-activity;sid:84564300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.223.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701201/; classtype:trojan-activity;sid:84564301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701199)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701199/; classtype:trojan-activity;sid:84564299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701197)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701197/; classtype:trojan-activity;sid:84564297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701198)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701198/; classtype:trojan-activity;sid:84564298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701190)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701190/; classtype:trojan-activity;sid:84564290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701191)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701191/; classtype:trojan-activity;sid:84564291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701192)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701192/; classtype:trojan-activity;sid:84564292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701193)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701193/; classtype:trojan-activity;sid:84564293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701194)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701194/; classtype:trojan-activity;sid:84564294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701195)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701195/; classtype:trojan-activity;sid:84564295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701196)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701196/; classtype:trojan-activity;sid:84564296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701186)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701186/; classtype:trojan-activity;sid:84564286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701187/; classtype:trojan-activity;sid:84564287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701188)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sparc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701188/; classtype:trojan-activity;sid:84564288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701189)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701189/; classtype:trojan-activity;sid:84564289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701183)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701183/; classtype:trojan-activity;sid:84564283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701184)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701184/; classtype:trojan-activity;sid:84564284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701185/; classtype:trojan-activity;sid:84564285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701182/; classtype:trojan-activity;sid:84564282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701181)"; flow:established,from_client; content:"GET"; http_method; content:"/blackshell256/null-amsi/refs/heads/main/null-4msi.ps1"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701181/; classtype:trojan-activity;sid:84564281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701180)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701180/; classtype:trojan-activity;sid:84564280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701178)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701178/; classtype:trojan-activity;sid:84564278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701179)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701179/; classtype:trojan-activity;sid:84564279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701177)"; flow:established,from_client; content:"GET"; http_method; content:"/file/magis-celular_vlatest_2.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"magistvapk.com.ar"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701177/; classtype:trojan-activity;sid:84564277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701175)"; flow:established,from_client; content:"GET"; http_method; content:"/otthippo1.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"app011.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701175/; classtype:trojan-activity;sid:84564275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701176)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/2c7dfd63-1301-40d7-ac1d-021e20866e43/zoomworkspaceinstaller.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"store-na-phx-4.gofile.io"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701176/; classtype:trojan-activity;sid:84564276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701174)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/app.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"golesya.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701174/; classtype:trojan-activity;sid:84564274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701172)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/gizbocasino.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"apkdownload-service.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701172/; classtype:trojan-activity;sid:84564272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701173)"; flow:established,from_client; content:"GET"; http_method; content:"/install/android/ins2/install.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"vibet77.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701173/; classtype:trojan-activity;sid:84564273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701166)"; flow:established,from_client; content:"GET"; http_method; content:"/rustore.apk|3f|t=1762637072"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"rustore.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701166/; classtype:trojan-activity;sid:84564266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701167/; classtype:trojan-activity;sid:84564267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701168/; classtype:trojan-activity;sid:84564268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701169)"; flow:established,from_client; content:"GET"; http_method; content:"/iranian.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vamfa.site"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701169/; classtype:trojan-activity;sid:84564269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701170)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/download.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ldbgaming24.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701170/; classtype:trojan-activity;sid:84564270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701171)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/overplay138.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"overplay-138.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701171/; classtype:trojan-activity;sid:84564271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701165)"; flow:established,from_client; content:"GET"; http_method; content:"/br/app/protecao_cartao.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"protecaocartao.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701165/; classtype:trojan-activity;sid:84564265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701164)"; flow:established,from_client; content:"GET"; http_method; content:"/page/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"zzoomiinvitee.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701164/; classtype:trojan-activity;sid:84564264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701161/; classtype:trojan-activity;sid:84564261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701162/; classtype:trojan-activity;sid:84564262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701163/; classtype:trojan-activity;sid:84564263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701154/; classtype:trojan-activity;sid:84564254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701155)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701155/; classtype:trojan-activity;sid:84564255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701156/; classtype:trojan-activity;sid:84564256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701157/; classtype:trojan-activity;sid:84564257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701158)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701158/; classtype:trojan-activity;sid:84564258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701159/; classtype:trojan-activity;sid:84564259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701160/; classtype:trojan-activity;sid:84564260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701153/; classtype:trojan-activity;sid:84564253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.86.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701151/; classtype:trojan-activity;sid:84564251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.32.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701152/; classtype:trojan-activity;sid:84564252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701150/; classtype:trojan-activity;sid:84564250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.152.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701149/; classtype:trojan-activity;sid:84564249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701148)"; flow:established,from_client; content:"GET"; http_method; content:"/hg980kvl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"l3.sm0kewood.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701148/; classtype:trojan-activity;sid:84564248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.185.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701147/; classtype:trojan-activity;sid:84564247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.117.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701145/; classtype:trojan-activity;sid:84564245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.147.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701146/; classtype:trojan-activity;sid:84564246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701144/; classtype:trojan-activity;sid:84564244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701143/; classtype:trojan-activity;sid:84564243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.193.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701142/; classtype:trojan-activity;sid:84564242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.231.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701141/; classtype:trojan-activity;sid:84564241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.97.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701140/; classtype:trojan-activity;sid:84564240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.133.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701139/; classtype:trojan-activity;sid:84564239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.144.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701138/; classtype:trojan-activity;sid:84564238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.84.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701137/; classtype:trojan-activity;sid:84564237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701136/; classtype:trojan-activity;sid:84564236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.231.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701135/; classtype:trojan-activity;sid:84564235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701134/; classtype:trojan-activity;sid:84564234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701133/; classtype:trojan-activity;sid:84564233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.117.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701132/; classtype:trojan-activity;sid:84564232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.193.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701131/; classtype:trojan-activity;sid:84564231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.97.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701130/; classtype:trojan-activity;sid:84564230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.0.46.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701128/; classtype:trojan-activity;sid:84564228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701129/; classtype:trojan-activity;sid:84564229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701127)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/1vkdkygc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pixeldrain.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701127/; classtype:trojan-activity;sid:84564227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701126)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/o8cgfwc.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701126/; classtype:trojan-activity;sid:84564226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701124)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106135533.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"hullabusch.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701124/; classtype:trojan-activity;sid:84564224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701125)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251105162951.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cryyp.42web.io"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701125/; classtype:trojan-activity;sid:84564225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701123)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251107114801.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ailber.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701123/; classtype:trojan-activity;sid:84564223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701122)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701122/; classtype:trojan-activity;sid:84564222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701121)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6350135267/ytoejds.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701121/; classtype:trojan-activity;sid:84564221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701120/; classtype:trojan-activity;sid:84564220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701119/; classtype:trojan-activity;sid:84564219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701118)"; flow:established,from_client; content:"GET"; http_method; content:"/xmllhd19"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"brook.frostfox.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701118/; classtype:trojan-activity;sid:84564218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701117/; classtype:trojan-activity;sid:84564217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701116/; classtype:trojan-activity;sid:84564216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701115)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/a5lxijs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701115/; classtype:trojan-activity;sid:84564215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.193.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701114/; classtype:trojan-activity;sid:84564214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701112/; classtype:trojan-activity;sid:84564212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701113/; classtype:trojan-activity;sid:84564213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701111/; classtype:trojan-activity;sid:84564211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701110/; classtype:trojan-activity;sid:84564210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701109/; classtype:trojan-activity;sid:84564209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.16.59.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701108/; classtype:trojan-activity;sid:84564208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701107)"; flow:established,from_client; content:"GET"; http_method; content:"/z6draprx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"klee.cometpfad.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701107/; classtype:trojan-activity;sid:84564207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701106/; classtype:trojan-activity;sid:84564206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.36.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701105/; classtype:trojan-activity;sid:84564205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.193.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701104/; classtype:trojan-activity;sid:84564204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701103)"; flow:established,from_client; content:"GET"; http_method; content:"/bidh1og4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleis.cometpfad.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701103/; classtype:trojan-activity;sid:84564203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.196.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701102/; classtype:trojan-activity;sid:84564202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701101/; classtype:trojan-activity;sid:84564201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.221.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701100/; classtype:trojan-activity;sid:84564200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701099/; classtype:trojan-activity;sid:84564199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701097)"; flow:established,from_client; content:"GET"; http_method; content:"/l1b3korh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mond.cometpfad.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701097/; classtype:trojan-activity;sid:84564197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.166.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701098/; classtype:trojan-activity;sid:84564198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701096/; classtype:trojan-activity;sid:84564196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701095/; classtype:trojan-activity;sid:84564195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.221.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701094/; classtype:trojan-activity;sid:84564194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701093/; classtype:trojan-activity;sid:84564193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701092)"; flow:established,from_client; content:"GET"; http_method; content:"/w75wrhp5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glut.ravenkamm.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701092/; classtype:trojan-activity;sid:84564192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.196.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701091/; classtype:trojan-activity;sid:84564191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701090)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701090/; classtype:trojan-activity;sid:84564190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701089)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701089/; classtype:trojan-activity;sid:84564189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701083)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701083/; classtype:trojan-activity;sid:84564183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701084)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701084/; classtype:trojan-activity;sid:84564184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701085)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701085/; classtype:trojan-activity;sid:84564185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701086)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701086/; classtype:trojan-activity;sid:84564186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701087)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701087/; classtype:trojan-activity;sid:84564187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701088)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701088/; classtype:trojan-activity;sid:84564188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701082)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701082/; classtype:trojan-activity;sid:84564182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701081/; classtype:trojan-activity;sid:84564181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.166.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701080/; classtype:trojan-activity;sid:84564180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701079/; classtype:trojan-activity;sid:84564179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701078)"; flow:established,from_client; content:"GET"; http_method; content:"/75dlur6u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.ravenkamm.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701078/; classtype:trojan-activity;sid:84564178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701077)"; flow:established,from_client; content:"GET"; http_method; content:"/i1ruwcmj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nacht.stormgrat.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701077/; classtype:trojan-activity;sid:84564177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.171.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701076/; classtype:trojan-activity;sid:84564176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701075)"; flow:established,from_client; content:"GET"; http_method; content:"/eh761mih"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"blatt.stormgrat.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701075/; classtype:trojan-activity;sid:84564175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.94.31.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701073/; classtype:trojan-activity;sid:84564173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.210.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701074/; classtype:trojan-activity;sid:84564174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.178.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701072/; classtype:trojan-activity;sid:84564172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.129.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701071/; classtype:trojan-activity;sid:84564171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.147.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701070/; classtype:trojan-activity;sid:84564170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.90.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701069/; classtype:trojan-activity;sid:84564169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701068/; classtype:trojan-activity;sid:84564168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.229.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701067/; classtype:trojan-activity;sid:84564167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701066)"; flow:established,from_client; content:"GET"; http_method; content:"/ivq3a0ts"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tau.polarhafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701066/; classtype:trojan-activity;sid:84564166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.210.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701065/; classtype:trojan-activity;sid:84564165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.129.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701064/; classtype:trojan-activity;sid:84564164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701063)"; flow:established,from_client; content:"GET"; http_method; content:"/nuf2gh3y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fjord.polarhafen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701063/; classtype:trojan-activity;sid:84564163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701062/; classtype:trojan-activity;sid:84564162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.34.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701061/; classtype:trojan-activity;sid:84564161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701060)"; flow:established,from_client; content:"GET"; http_method; content:"/wku2fu0o"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolfe.pixelbuche.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701060/; classtype:trojan-activity;sid:84564160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701059)"; flow:established,from_client; content:"GET"; http_method; content:"/7i8yknz0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"birch.pixelbuche.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701059/; classtype:trojan-activity;sid:84564159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701058/; classtype:trojan-activity;sid:84564158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701057)"; flow:established,from_client; content:"GET"; http_method; content:"/ixhsgyvl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stern.pixelbuche.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701057/; classtype:trojan-activity;sid:84564157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.86.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701056/; classtype:trojan-activity;sid:84564156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701055/; classtype:trojan-activity;sid:84564155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701054)"; flow:established,from_client; content:"GET"; http_method; content:"/9giyjsoi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fauna.driftkrone.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701054/; classtype:trojan-activity;sid:84564154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.176.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701053/; classtype:trojan-activity;sid:84564153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.202.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701052/; classtype:trojan-activity;sid:84564152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.63.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701051/; classtype:trojan-activity;sid:84564151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.202.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701050/; classtype:trojan-activity;sid:84564150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.116.149.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701049/; classtype:trojan-activity;sid:84564149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701048/; classtype:trojan-activity;sid:84564148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.245.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701047/; classtype:trojan-activity;sid:84564147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.47.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701046/; classtype:trojan-activity;sid:84564146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.67.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701045/; classtype:trojan-activity;sid:84564145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701044)"; flow:established,from_client; content:"GET"; http_method; content:"/dsqfte2t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleis.driftkrone.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701044/; classtype:trojan-activity;sid:84564144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.86.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701043/; classtype:trojan-activity;sid:84564143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.84.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701041/; classtype:trojan-activity;sid:84564141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.176.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701042/; classtype:trojan-activity;sid:84564142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.63.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701040/; classtype:trojan-activity;sid:84564140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.0.46.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701039/; classtype:trojan-activity;sid:84564139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.149.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701038/; classtype:trojan-activity;sid:84564138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.67.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701037/; classtype:trojan-activity;sid:84564137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701036/; classtype:trojan-activity;sid:84564136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.193.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701035/; classtype:trojan-activity;sid:84564135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701034)"; flow:established,from_client; content:"GET"; http_method; content:"/uzl5ipz7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.frostgipfel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701034/; classtype:trojan-activity;sid:84564134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.207.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701033/; classtype:trojan-activity;sid:84564133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701032/; classtype:trojan-activity;sid:84564132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701031/; classtype:trojan-activity;sid:84564131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.33.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701030/; classtype:trojan-activity;sid:84564130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701029/; classtype:trojan-activity;sid:84564129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701028)"; flow:established,from_client; content:"GET"; http_method; content:"/p9qw0x5g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dampf.frostgipfel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701028/; classtype:trojan-activity;sid:84564128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.60.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701027/; classtype:trojan-activity;sid:84564127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.207.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701026/; classtype:trojan-activity;sid:84564126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.5.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701025/; classtype:trojan-activity;sid:84564125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.185.93.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701024/; classtype:trojan-activity;sid:84564124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.33.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701023/; classtype:trojan-activity;sid:84564123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701022)"; flow:established,from_client; content:"GET"; http_method; content:"/9ld27l71"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.cedarsteg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701022/; classtype:trojan-activity;sid:84564122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.44.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701020/; classtype:trojan-activity;sid:84564120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.129.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701021/; classtype:trojan-activity;sid:84564121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.185.93.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701019/; classtype:trojan-activity;sid:84564119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701018/; classtype:trojan-activity;sid:84564118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701017/; classtype:trojan-activity;sid:84564117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701015)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/3h8g2fc.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701015/; classtype:trojan-activity;sid:84564115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.60.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701016/; classtype:trojan-activity;sid:84564116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701014)"; flow:established,from_client; content:"GET"; http_method; content:"/ls0z2cyi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nacht.cedarsteg.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701014/; classtype:trojan-activity;sid:84564114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.131.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701013/; classtype:trojan-activity;sid:84564113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701012)"; flow:established,from_client; content:"GET"; http_method; content:"/ntoh3x4f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zorn.brassgipfel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701012/; classtype:trojan-activity;sid:84564112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.160.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701011/; classtype:trojan-activity;sid:84564111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.44.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701010/; classtype:trojan-activity;sid:84564110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701009/; classtype:trojan-activity;sid:84564109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701008/; classtype:trojan-activity;sid:84564108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.118.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701007/; classtype:trojan-activity;sid:84564107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.37.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701006/; classtype:trojan-activity;sid:84564106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701005/; classtype:trojan-activity;sid:84564105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701004)"; flow:established,from_client; content:"GET"; http_method; content:"/pjvhotrr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dorn.ironklippe.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701004/; classtype:trojan-activity;sid:84564104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701003)"; flow:established,from_client; content:"GET"; http_method; content:"/7r3un0wn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"harz.ironklippe.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701003/; classtype:trojan-activity;sid:84564103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.184.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701002/; classtype:trojan-activity;sid:84564102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.118.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701001/; classtype:trojan-activity;sid:84564101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.37.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701000/; classtype:trojan-activity;sid:84564100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700999/; classtype:trojan-activity;sid:84564099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700998/; classtype:trojan-activity;sid:84564098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.179.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700997/; classtype:trojan-activity;sid:84564097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700996)"; flow:established,from_client; content:"GET"; http_method; content:"/2va3gx3x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rauch.swiftgasse.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700996/; classtype:trojan-activity;sid:84564096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700995/; classtype:trojan-activity;sid:84564095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.184.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700994/; classtype:trojan-activity;sid:84564094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.200.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700993/; classtype:trojan-activity;sid:84564093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.49.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700992/; classtype:trojan-activity;sid:84564092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700991/; classtype:trojan-activity;sid:84564091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.236.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700990/; classtype:trojan-activity;sid:84564090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.180.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700989/; classtype:trojan-activity;sid:84564089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700988)"; flow:established,from_client; content:"GET"; http_method; content:"/ctv0wafz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fjord.quillwinkel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700988/; classtype:trojan-activity;sid:84564088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.236.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700987/; classtype:trojan-activity;sid:84564087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700986)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700986/; classtype:trojan-activity;sid:84564086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700985)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700985/; classtype:trojan-activity;sid:84564085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.157.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700984/; classtype:trojan-activity;sid:84564084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700983)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700983/; classtype:trojan-activity;sid:84564083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700981)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700981/; classtype:trojan-activity;sid:84564081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700982)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700982/; classtype:trojan-activity;sid:84564082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700977)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700977/; classtype:trojan-activity;sid:84564077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700978)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700978/; classtype:trojan-activity;sid:84564078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700979)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700979/; classtype:trojan-activity;sid:84564079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700980)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700980/; classtype:trojan-activity;sid:84564080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700964)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700964/; classtype:trojan-activity;sid:84564064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700965)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700965/; classtype:trojan-activity;sid:84564065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700966)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700966/; classtype:trojan-activity;sid:84564066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700967)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700967/; classtype:trojan-activity;sid:84564067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700968)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700968/; classtype:trojan-activity;sid:84564068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700969)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700969/; classtype:trojan-activity;sid:84564069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700970)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700970/; classtype:trojan-activity;sid:84564070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700971)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700971/; classtype:trojan-activity;sid:84564071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700972)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700972/; classtype:trojan-activity;sid:84564072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700973)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700973/; classtype:trojan-activity;sid:84564073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700974)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700974/; classtype:trojan-activity;sid:84564074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700975)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700975/; classtype:trojan-activity;sid:84564075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700976)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700976/; classtype:trojan-activity;sid:84564076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.134.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700963/; classtype:trojan-activity;sid:84564063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.180.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700962/; classtype:trojan-activity;sid:84564062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.5.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700961/; classtype:trojan-activity;sid:84564061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700960)"; flow:established,from_client; content:"GET"; http_method; content:"/k9y33efg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t3.sn0wmint.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700960/; classtype:trojan-activity;sid:84564060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.134.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700959/; classtype:trojan-activity;sid:84564059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.37.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700958/; classtype:trojan-activity;sid:84564058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700957)"; flow:established,from_client; content:"GET"; http_method; content:"/4v4c6903"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2xado.oak-ember.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700957/; classtype:trojan-activity;sid:84564057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700956/; classtype:trojan-activity;sid:84564056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700955)"; flow:established,from_client; content:"GET"; http_method; content:"/5vd5vuwc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qcn6.oak-ember.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700955/; classtype:trojan-activity;sid:84564055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700954)"; flow:established,from_client; content:"GET"; http_method; content:"/kjf947ak"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eiyxc.fl0wbud.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700954/; classtype:trojan-activity;sid:84564054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700953)"; flow:established,from_client; content:"GET"; http_method; content:"/gw3bo7wz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b4.fl0wbud.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700953/; classtype:trojan-activity;sid:84564053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.227.246.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700952/; classtype:trojan-activity;sid:84564052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.133.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700951/; classtype:trojan-activity;sid:84564051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700950/; classtype:trojan-activity;sid:84564050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700949)"; flow:established,from_client; content:"GET"; http_method; content:"/vz9q4kvv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2qn80.fl0wbud.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700949/; classtype:trojan-activity;sid:84564049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700948/; classtype:trojan-activity;sid:84564048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.69.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700947/; classtype:trojan-activity;sid:84564047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700946)"; flow:established,from_client; content:"GET"; http_method; content:"/q6b9ui76"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uy4g.fl-0-wbud.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700946/; classtype:trojan-activity;sid:84564046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.133.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700945/; classtype:trojan-activity;sid:84564045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.255.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700944/; classtype:trojan-activity;sid:84564044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.227.246.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700943/; classtype:trojan-activity;sid:84564043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700942/; classtype:trojan-activity;sid:84564042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700941)"; flow:established,from_client; content:"GET"; http_method; content:"/5tjtpmpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"o6.fl-0-wbud.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700941/; classtype:trojan-activity;sid:84564041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.209.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700940/; classtype:trojan-activity;sid:84564040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.69.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700939/; classtype:trojan-activity;sid:84564039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700938)"; flow:established,from_client; content:"GET"; http_method; content:"/exjuuxqt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4.fog-map.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700938/; classtype:trojan-activity;sid:84564038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.75.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700937/; classtype:trojan-activity;sid:84564037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.196.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700936/; classtype:trojan-activity;sid:84564036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700935)"; flow:established,from_client; content:"GET"; http_method; content:"/files/comet/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700935/; classtype:trojan-activity;sid:84564035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.48.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700934/; classtype:trojan-activity;sid:84564034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.209.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700933/; classtype:trojan-activity;sid:84564033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.132.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700932/; classtype:trojan-activity;sid:84564032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700931)"; flow:established,from_client; content:"GET"; http_method; content:"/fnlmoeue"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hd1p.r1mrock.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700931/; classtype:trojan-activity;sid:84564031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700930/; classtype:trojan-activity;sid:84564030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.202.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700929/; classtype:trojan-activity;sid:84564029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700928)"; flow:established,from_client; content:"GET"; http_method; content:"/01r26kdp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kzw.lakeray.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700928/; classtype:trojan-activity;sid:84564028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.108.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700927/; classtype:trojan-activity;sid:84564027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.208.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700926/; classtype:trojan-activity;sid:84564026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.176.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700925/; classtype:trojan-activity;sid:84564025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.202.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700924/; classtype:trojan-activity;sid:84564024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.213.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700923/; classtype:trojan-activity;sid:84564023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.208.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700922/; classtype:trojan-activity;sid:84564022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.176.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700921/; classtype:trojan-activity;sid:84564021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700920)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6350135267/j3bh2hv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700920/; classtype:trojan-activity;sid:84564020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.108.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700919/; classtype:trojan-activity;sid:84564019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700918)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6350135267/ytoejds.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700918/; classtype:trojan-activity;sid:84564018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.213.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700917/; classtype:trojan-activity;sid:84564017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700916)"; flow:established,from_client; content:"GET"; http_method; content:"/l7m0xdiz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5jxd.r-1-mrock.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700916/; classtype:trojan-activity;sid:84564016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.231.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700915/; classtype:trojan-activity;sid:84564015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.194.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700914/; classtype:trojan-activity;sid:84564014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.9.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700913/; classtype:trojan-activity;sid:84564013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.231.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700912/; classtype:trojan-activity;sid:84564012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.202.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700911/; classtype:trojan-activity;sid:84564011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700910)"; flow:established,from_client; content:"GET"; http_method; content:"/c0g49bhk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0gk.lake-ray.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700910/; classtype:trojan-activity;sid:84564010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.9.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700909/; classtype:trojan-activity;sid:84564009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700908/; classtype:trojan-activity;sid:84564008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700907)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7799503374/h3hvwku.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700907/; classtype:trojan-activity;sid:84564007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700906)"; flow:established,from_client; content:"GET"; http_method; content:"/xt76vn5g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2luj.pooflare.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700906/; classtype:trojan-activity;sid:84564006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700905)"; flow:established,from_client; content:"GET"; http_method; content:"/wlwldim1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39o1.oakember.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700905/; classtype:trojan-activity;sid:84564005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.194.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700904/; classtype:trojan-activity;sid:84564004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700903/; classtype:trojan-activity;sid:84564003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.63.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700902/; classtype:trojan-activity;sid:84564002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700901/; classtype:trojan-activity;sid:84564001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700900/; classtype:trojan-activity;sid:84564000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.156.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700899/; classtype:trojan-activity;sid:84563999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.201.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700898/; classtype:trojan-activity;sid:84563998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.28.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700897/; classtype:trojan-activity;sid:84563997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.63.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700896/; classtype:trojan-activity;sid:84563996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700895)"; flow:established,from_client; content:"GET"; http_method; content:"/jrbk9k82"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k0w2j.skyaxe.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700895/; classtype:trojan-activity;sid:84563995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700893/; classtype:trojan-activity;sid:84563993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700894/; classtype:trojan-activity;sid:84563994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700892)"; flow:established,from_client; content:"GET"; http_method; content:"/pjiqc9ia"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x2r.icetap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700892/; classtype:trojan-activity;sid:84563992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.18.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700891/; classtype:trojan-activity;sid:84563991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700890/; classtype:trojan-activity;sid:84563990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700889)"; flow:established,from_client; content:"GET"; http_method; content:"/q4v04wja"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jbp.icetap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700889/; classtype:trojan-activity;sid:84563989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.201.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700888/; classtype:trojan-activity;sid:84563988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.183.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700887/; classtype:trojan-activity;sid:84563987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700886/; classtype:trojan-activity;sid:84563986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.217.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700885/; classtype:trojan-activity;sid:84563985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.28.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700884/; classtype:trojan-activity;sid:84563984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.90.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700883/; classtype:trojan-activity;sid:84563983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700882/; classtype:trojan-activity;sid:84563982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.247.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700881/; classtype:trojan-activity;sid:84563981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.136.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700880/; classtype:trojan-activity;sid:84563980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.217.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700879/; classtype:trojan-activity;sid:84563979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700878/; classtype:trojan-activity;sid:84563978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.126.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700877/; classtype:trojan-activity;sid:84563977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.18.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700876/; classtype:trojan-activity;sid:84563976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700875)"; flow:established,from_client; content:"GET"; http_method; content:"/4uxocmjz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14ba.fogmap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700875/; classtype:trojan-activity;sid:84563975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.136.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700874/; classtype:trojan-activity;sid:84563974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700873)"; flow:established,from_client; content:"GET"; http_method; content:"/7pys78hd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eu5.fogmap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700873/; classtype:trojan-activity;sid:84563973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700872/; classtype:trojan-activity;sid:84563972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700871)"; flow:established,from_client; content:"GET"; http_method; content:"/yrwskq96"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mr5.fogmap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700871/; classtype:trojan-activity;sid:84563971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700870)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700870/; classtype:trojan-activity;sid:84563970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700869)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700869/; classtype:trojan-activity;sid:84563969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700868)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700868/; classtype:trojan-activity;sid:84563968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700867)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700867/; classtype:trojan-activity;sid:84563967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700861)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700861/; classtype:trojan-activity;sid:84563961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700862)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700862/; classtype:trojan-activity;sid:84563962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700863)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700863/; classtype:trojan-activity;sid:84563963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700864)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700864/; classtype:trojan-activity;sid:84563964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700865)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700865/; classtype:trojan-activity;sid:84563965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700866)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700866/; classtype:trojan-activity;sid:84563966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700860/; classtype:trojan-activity;sid:84563960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700859)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/1/2/3/tyma.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700859/; classtype:trojan-activity;sid:84563959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700857)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb2wsf/4/5/6/kola.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700857/; classtype:trojan-activity;sid:84563957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700858)"; flow:established,from_client; content:"GET"; http_method; content:"/wya/r537js829031.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700858/; classtype:trojan-activity;sid:84563958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700855)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb3wsf/7/8/9/uju.wsf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700855/; classtype:trojan-activity;sid:84563955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700856)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/tyma.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700856/; classtype:trojan-activity;sid:84563956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700853)"; flow:established,from_client; content:"GET"; http_method; content:"/rup/re-5704937421.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700853/; classtype:trojan-activity;sid:84563953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700854)"; flow:established,from_client; content:"GET"; http_method; content:"/w1pp/r503749j637r01.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700854/; classtype:trojan-activity;sid:84563954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.91.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700852/; classtype:trojan-activity;sid:84563952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700850)"; flow:established,from_client; content:"GET"; http_method; content:"/wya/r537js829031.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700850/; classtype:trojan-activity;sid:84563950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700851)"; flow:established,from_client; content:"GET"; http_method; content:"/rup/re-5704937421.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700851/; classtype:trojan-activity;sid:84563951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700849)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27starqq.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700849/; classtype:trojan-activity;sid:84563949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700848)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27mainrq.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700848/; classtype:trojan-activity;sid:84563948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700847)"; flow:established,from_client; content:"GET"; http_method; content:"/7jeff/yjeff.wsf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"arrived-answers-restoration-screenshots.trycloudflare.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700847/; classtype:trojan-activity;sid:84563947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700846)"; flow:established,from_client; content:"GET"; http_method; content:"/yolo.wsf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700846/; classtype:trojan-activity;sid:84563946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700843)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/sep01x86_ayoo.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700843/; classtype:trojan-activity;sid:84563943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700844)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27mainrq.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700844/; classtype:trojan-activity;sid:84563944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700845)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb2wsf/4/5/6/kola.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700845/; classtype:trojan-activity;sid:84563945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700835)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/yerk.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700835/; classtype:trojan-activity;sid:84563935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700836)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/rut.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700836/; classtype:trojan-activity;sid:84563936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700837)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb127wsf/7jeff/yjeff.wsf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700837/; classtype:trojan-activity;sid:84563937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700838)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/tyma.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700838/; classtype:trojan-activity;sid:84563938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700839)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/1/2/3/tyma.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700839/; classtype:trojan-activity;sid:84563939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700840)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/sep01x86_ayoo.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700840/; classtype:trojan-activity;sid:84563940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700841)"; flow:established,from_client; content:"GET"; http_method; content:"/replytowsf/bank/benk.wsf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700841/; classtype:trojan-activity;sid:84563941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700842)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27starqq.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700842/; classtype:trojan-activity;sid:84563942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700834)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27sfsa.bat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700834/; classtype:trojan-activity;sid:84563934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700829)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb3wsf/7/8/9/uju.wsf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700829/; classtype:trojan-activity;sid:84563929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700830)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/yerk.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700830/; classtype:trojan-activity;sid:84563930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700831)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/jeff.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700831/; classtype:trojan-activity;sid:84563931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700832)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/rut.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700832/; classtype:trojan-activity;sid:84563932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700833)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/pool.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700833/; classtype:trojan-activity;sid:84563933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700828)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/kgb.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700828/; classtype:trojan-activity;sid:84563928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700816)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb127wsf/7jeff/yjeff.wsf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700816/; classtype:trojan-activity;sid:84563916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700817)"; flow:established,from_client; content:"GET"; http_method; content:"/w1pp/r503749j637r01.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700817/; classtype:trojan-activity;sid:84563917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700818)"; flow:established,from_client; content:"GET"; http_method; content:"/qy.wsh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700818/; classtype:trojan-activity;sid:84563918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700819)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb227wsf/pyank/pyan.wsf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700819/; classtype:trojan-activity;sid:84563919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700820)"; flow:established,from_client; content:"GET"; http_method; content:"/replytowsf/bank/benk.wsf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700820/; classtype:trojan-activity;sid:84563920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700821)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01lnk/re-t509320913.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700821/; classtype:trojan-activity;sid:84563921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700822)"; flow:established,from_client; content:"GET"; http_method; content:"/qy.wsh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700822/; classtype:trojan-activity;sid:84563922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700823)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01lnk/re-t509320913.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700823/; classtype:trojan-activity;sid:84563923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700824)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb227wsf/pyank/pyan.wsf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700824/; classtype:trojan-activity;sid:84563924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700825)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/kgb.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700825/; classtype:trojan-activity;sid:84563925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700826)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/fbi.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700826/; classtype:trojan-activity;sid:84563926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700827)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/fbi.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700827/; classtype:trojan-activity;sid:84563927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700814)"; flow:established,from_client; content:"GET"; http_method; content:"/bro.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700814/; classtype:trojan-activity;sid:84563914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700815)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/pool.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700815/; classtype:trojan-activity;sid:84563915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700812)"; flow:established,from_client; content:"GET"; http_method; content:"/bro.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700812/; classtype:trojan-activity;sid:84563912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700813)"; flow:established,from_client; content:"GET"; http_method; content:"/rent.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700813/; classtype:trojan-activity;sid:84563913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700809)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27sfsa.bat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700809/; classtype:trojan-activity;sid:84563909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700810)"; flow:established,from_client; content:"GET"; http_method; content:"/yolo.wsf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700810/; classtype:trojan-activity;sid:84563910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700811)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/jeff.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700811/; classtype:trojan-activity;sid:84563911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700808)"; flow:established,from_client; content:"GET"; http_method; content:"/rent.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700808/; classtype:trojan-activity;sid:84563908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700807/; classtype:trojan-activity;sid:84563907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700805/; classtype:trojan-activity;sid:84563905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700806)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700806/; classtype:trojan-activity;sid:84563906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700803/; classtype:trojan-activity;sid:84563903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700804/; classtype:trojan-activity;sid:84563904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700802/; classtype:trojan-activity;sid:84563902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700801/; classtype:trojan-activity;sid:84563901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700798)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700798/; classtype:trojan-activity;sid:84563898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700799/; classtype:trojan-activity;sid:84563899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700800/; classtype:trojan-activity;sid:84563900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700792/; classtype:trojan-activity;sid:84563892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700793/; classtype:trojan-activity;sid:84563893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700794/; classtype:trojan-activity;sid:84563894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700795/; classtype:trojan-activity;sid:84563895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700796)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700796/; classtype:trojan-activity;sid:84563896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700797/; classtype:trojan-activity;sid:84563897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700787/; classtype:trojan-activity;sid:84563887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700788/; classtype:trojan-activity;sid:84563888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700784/; classtype:trojan-activity;sid:84563884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700785/; classtype:trojan-activity;sid:84563885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700786/; classtype:trojan-activity;sid:84563886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700783/; classtype:trojan-activity;sid:84563883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700782)"; flow:established,from_client; content:"GET"; http_method; content:"/jewn.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700782/; classtype:trojan-activity;sid:84563882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700776/; classtype:trojan-activity;sid:84563876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700777/; classtype:trojan-activity;sid:84563877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700778/; classtype:trojan-activity;sid:84563878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700779/; classtype:trojan-activity;sid:84563879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700780/; classtype:trojan-activity;sid:84563880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700781/; classtype:trojan-activity;sid:84563881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700774/; classtype:trojan-activity;sid:84563874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700775/; classtype:trojan-activity;sid:84563875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700769/; classtype:trojan-activity;sid:84563869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700770/; classtype:trojan-activity;sid:84563870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700771/; classtype:trojan-activity;sid:84563871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700772/; classtype:trojan-activity;sid:84563872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700773/; classtype:trojan-activity;sid:84563873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700765/; classtype:trojan-activity;sid:84563865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700766)"; flow:established,from_client; content:"GET"; http_method; content:"/jewn.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700766/; classtype:trojan-activity;sid:84563866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700767/; classtype:trojan-activity;sid:84563867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700768/; classtype:trojan-activity;sid:84563868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700764)"; flow:established,from_client; content:"GET"; http_method; content:"/jdi35t.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700764/; classtype:trojan-activity;sid:84563864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700763)"; flow:established,from_client; content:"GET"; http_method; content:"/qz2smw.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700763/; classtype:trojan-activity;sid:84563863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.2.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700762/; classtype:trojan-activity;sid:84563862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700761)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106152534.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzz.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700761/; classtype:trojan-activity;sid:84563861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700760)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106152523.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzz.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700760/; classtype:trojan-activity;sid:84563860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.230.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700758/; classtype:trojan-activity;sid:84563858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700759/; classtype:trojan-activity;sid:84563859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700757)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106103452.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzz.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700757/; classtype:trojan-activity;sid:84563857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700756)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106103521.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzz.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700756/; classtype:trojan-activity;sid:84563856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700755/; classtype:trojan-activity;sid:84563855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700754/; classtype:trojan-activity;sid:84563854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700753)"; flow:established,from_client; content:"GET"; http_method; content:"/udonthani.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pub-37f3a615586d47f4996e932bf6df7670.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700753/; classtype:trojan-activity;sid:84563853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700752)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/vmdocumentos.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"sitioseguroswpersonasapp.duckdns.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700752/; classtype:trojan-activity;sid:84563852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700751)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20251104/optimized_msi.png"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700751/; classtype:trojan-activity;sid:84563851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.91.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700750/; classtype:trojan-activity;sid:84563850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700749/; classtype:trojan-activity;sid:84563849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700748)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251105145424.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700748/; classtype:trojan-activity;sid:84563848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700747)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106224933.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700747/; classtype:trojan-activity;sid:84563847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700746)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251105145406.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700746/; classtype:trojan-activity;sid:84563846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700745)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106180453.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tupuu.42web.io"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700745/; classtype:trojan-activity;sid:84563845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700741)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251107065510.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700741/; classtype:trojan-activity;sid:84563841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700742)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106180510.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tupuu.42web.io"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700742/; classtype:trojan-activity;sid:84563842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700743)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251107065502.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700743/; classtype:trojan-activity;sid:84563843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700744)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251107180528.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700744/; classtype:trojan-activity;sid:84563844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700740)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251104154848.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700740/; classtype:trojan-activity;sid:84563840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.43.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700739/; classtype:trojan-activity;sid:84563839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700738/; classtype:trojan-activity;sid:84563838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.238.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700737/; classtype:trojan-activity;sid:84563837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.230.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700736/; classtype:trojan-activity;sid:84563836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.152.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700735/; classtype:trojan-activity;sid:84563835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700734/; classtype:trojan-activity;sid:84563834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.4.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700733/; classtype:trojan-activity;sid:84563833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.169.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700732/; classtype:trojan-activity;sid:84563832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700731)"; flow:established,from_client; content:"GET"; http_method; content:"/qq1lot0r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0okm8.dew-root.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700731/; classtype:trojan-activity;sid:84563831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.238.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700730/; classtype:trojan-activity;sid:84563830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.45.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700729/; classtype:trojan-activity;sid:84563829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.206.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700728/; classtype:trojan-activity;sid:84563828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700727)"; flow:established,from_client; content:"GET"; http_method; content:"/62bl8dlz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h5.dew-root.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700727/; classtype:trojan-activity;sid:84563827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700726/; classtype:trojan-activity;sid:84563826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.241.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700725/; classtype:trojan-activity;sid:84563825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700724/; classtype:trojan-activity;sid:84563824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.60.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700723/; classtype:trojan-activity;sid:84563823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700722)"; flow:established,from_client; content:"GET"; http_method; content:"/8b7puyo3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8vpz.r0ckveil.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700722/; classtype:trojan-activity;sid:84563822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700721)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700721/; classtype:trojan-activity;sid:84563821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700720)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/overplay138.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"overplay-138.store"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700720/; classtype:trojan-activity;sid:84563820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700719)"; flow:established,from_client; content:"GET"; http_method; content:"/sho.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"shotv.app"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700719/; classtype:trojan-activity;sid:84563819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700718)"; flow:established,from_client; content:"GET"; http_method; content:"/urbanroute.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"urbanroute.life"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700718/; classtype:trojan-activity;sid:84563818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700716)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tiktokporn.sbs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700716/; classtype:trojan-activity;sid:84563816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700717)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/uploads/install.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"walletlist.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700717/; classtype:trojan-activity;sid:84563817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700714)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700714/; classtype:trojan-activity;sid:84563814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700715)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700715/; classtype:trojan-activity;sid:84563815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.60.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700710/; classtype:trojan-activity;sid:84563810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700711)"; flow:established,from_client; content:"GET"; http_method; content:"/tlauncher-installer-1.9.4.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"t-launcher.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700711/; classtype:trojan-activity;sid:84563811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.152.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700712/; classtype:trojan-activity;sid:84563812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700713)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700713/; classtype:trojan-activity;sid:84563813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/n/server_encrypted.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"tvfutcariri.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700699/; classtype:trojan-activity;sid:84563799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700700)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700700/; classtype:trojan-activity;sid:84563800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700701)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700701/; classtype:trojan-activity;sid:84563801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700702)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700702/; classtype:trojan-activity;sid:84563802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700703)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700703/; classtype:trojan-activity;sid:84563803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700704)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700704/; classtype:trojan-activity;sid:84563804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700705/; classtype:trojan-activity;sid:84563805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700706)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700706/; classtype:trojan-activity;sid:84563806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700707)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/file/cxm_direct_mt5_terminal.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"xaucxm.vip"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700707/; classtype:trojan-activity;sid:84563807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700708)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700708/; classtype:trojan-activity;sid:84563808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700709)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/app.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"golesya.site"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700709/; classtype:trojan-activity;sid:84563809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700698)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tikistok-goolge.sbs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700698/; classtype:trojan-activity;sid:84563798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700696)"; flow:established,from_client; content:"GET"; http_method; content:"/gorabet.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"goramobil.app"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700696/; classtype:trojan-activity;sid:84563796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.242.42.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700697/; classtype:trojan-activity;sid:84563797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700694)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.213.193.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700694/; classtype:trojan-activity;sid:84563794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700695)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/schwabsafe.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.103.2.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700695/; classtype:trojan-activity;sid:84563795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700687)"; flow:established,from_client; content:"GET"; http_method; content:"/f.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700687/; classtype:trojan-activity;sid:84563787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700688)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700688/; classtype:trojan-activity;sid:84563788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700689)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700689/; classtype:trojan-activity;sid:84563789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700690)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700690/; classtype:trojan-activity;sid:84563790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700691)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700691/; classtype:trojan-activity;sid:84563791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700692)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700692/; classtype:trojan-activity;sid:84563792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700693)"; flow:established,from_client; content:"GET"; http_method; content:"/sea.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700693/; classtype:trojan-activity;sid:84563793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700686)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700686/; classtype:trojan-activity;sid:84563786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700684)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700684/; classtype:trojan-activity;sid:84563784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700685)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700685/; classtype:trojan-activity;sid:84563785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700683)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700683/; classtype:trojan-activity;sid:84563783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700682)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700682/; classtype:trojan-activity;sid:84563782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700680)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700680/; classtype:trojan-activity;sid:84563780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700681)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700681/; classtype:trojan-activity;sid:84563781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700679)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700679/; classtype:trojan-activity;sid:84563779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700678)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700678/; classtype:trojan-activity;sid:84563778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700677)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700677/; classtype:trojan-activity;sid:84563777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700676)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700676/; classtype:trojan-activity;sid:84563776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700675)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700675/; classtype:trojan-activity;sid:84563775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700674)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700674/; classtype:trojan-activity;sid:84563774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700673)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700673/; classtype:trojan-activity;sid:84563773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700672)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700672/; classtype:trojan-activity;sid:84563772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700671)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700671/; classtype:trojan-activity;sid:84563771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700670)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700670/; classtype:trojan-activity;sid:84563770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700669)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700669/; classtype:trojan-activity;sid:84563769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700668)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700668/; classtype:trojan-activity;sid:84563768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700667)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700667/; classtype:trojan-activity;sid:84563767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.91.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700666/; classtype:trojan-activity;sid:84563766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700665)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700665/; classtype:trojan-activity;sid:84563765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700663)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.111.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700663/; classtype:trojan-activity;sid:84563763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.233.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700664/; classtype:trojan-activity;sid:84563764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700662)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700662/; classtype:trojan-activity;sid:84563762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700660)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700660/; classtype:trojan-activity;sid:84563760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700661)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700661/; classtype:trojan-activity;sid:84563761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700658)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700658/; classtype:trojan-activity;sid:84563758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700659)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.wcr.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700659/; classtype:trojan-activity;sid:84563759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700655)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.147.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700655/; classtype:trojan-activity;sid:84563755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700656)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700656/; classtype:trojan-activity;sid:84563756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700657)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700657/; classtype:trojan-activity;sid:84563757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700650)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700650/; classtype:trojan-activity;sid:84563750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700651)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700651/; classtype:trojan-activity;sid:84563751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700652)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700652/; classtype:trojan-activity;sid:84563752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700653)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700653/; classtype:trojan-activity;sid:84563753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700654)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700654/; classtype:trojan-activity;sid:84563754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700647)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700647/; classtype:trojan-activity;sid:84563747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700648)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700648/; classtype:trojan-activity;sid:84563748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700649)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.qzj.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700649/; classtype:trojan-activity;sid:84563749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700643)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.wwc.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700643/; classtype:trojan-activity;sid:84563743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700644)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.qbq.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700644/; classtype:trojan-activity;sid:84563744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700645)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.221.248.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700645/; classtype:trojan-activity;sid:84563745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700646)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.sdu.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700646/; classtype:trojan-activity;sid:84563746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700632)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700632/; classtype:trojan-activity;sid:84563732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700633)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700633/; classtype:trojan-activity;sid:84563733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700634)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700634/; classtype:trojan-activity;sid:84563734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700635)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700635/; classtype:trojan-activity;sid:84563735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700636)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700636/; classtype:trojan-activity;sid:84563736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700637)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700637/; classtype:trojan-activity;sid:84563737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700638)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.45.205.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700638/; classtype:trojan-activity;sid:84563738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700639)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700639/; classtype:trojan-activity;sid:84563739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700640)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"134.209.96.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700640/; classtype:trojan-activity;sid:84563740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700641)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700641/; classtype:trojan-activity;sid:84563741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700642)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700642/; classtype:trojan-activity;sid:84563742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700629)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700629/; classtype:trojan-activity;sid:84563729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700630/; classtype:trojan-activity;sid:84563730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700631)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700631/; classtype:trojan-activity;sid:84563731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700626/; classtype:trojan-activity;sid:84563726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700627)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.fzr.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700627/; classtype:trojan-activity;sid:84563727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700628)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700628/; classtype:trojan-activity;sid:84563728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.93.39.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700625/; classtype:trojan-activity;sid:84563725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.115.249.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700623/; classtype:trojan-activity;sid:84563723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700624/; classtype:trojan-activity;sid:84563724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.32.24.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700622/; classtype:trojan-activity;sid:84563722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.5.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700621/; classtype:trojan-activity;sid:84563721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700619)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.141.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700619/; classtype:trojan-activity;sid:84563719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.137.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700620/; classtype:trojan-activity;sid:84563720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.176.172.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700618/; classtype:trojan-activity;sid:84563718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.5.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700615/; classtype:trojan-activity;sid:84563715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700616)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.191.215.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700616/; classtype:trojan-activity;sid:84563716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700617)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.131.113.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700617/; classtype:trojan-activity;sid:84563717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700614)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.189.143.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700614/; classtype:trojan-activity;sid:84563714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700613/; classtype:trojan-activity;sid:84563713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.60.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700612/; classtype:trojan-activity;sid:84563712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700611)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/lj5iwxn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700611/; classtype:trojan-activity;sid:84563711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700610/; classtype:trojan-activity;sid:84563710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700609/; classtype:trojan-activity;sid:84563709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700608)"; flow:established,from_client; content:"GET"; http_method; content:"/kz03z1hz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f4vc.clearfog.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700608/; classtype:trojan-activity;sid:84563708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.169.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700607/; classtype:trojan-activity;sid:84563707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700606/; classtype:trojan-activity;sid:84563706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.44.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700605/; classtype:trojan-activity;sid:84563705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.204.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700604/; classtype:trojan-activity;sid:84563704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.194.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700603/; classtype:trojan-activity;sid:84563703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700602/; classtype:trojan-activity;sid:84563702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700601/; classtype:trojan-activity;sid:84563701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700600/; classtype:trojan-activity;sid:84563700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.159.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700599/; classtype:trojan-activity;sid:84563699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.79.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700598/; classtype:trojan-activity;sid:84563698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700597)"; flow:established,from_client; content:"GET"; http_method; content:"/hni5tbx|3f|id=hkm5pszdho"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"standard-analytics-endpoint-54.s3.ca-central-1.amazonaws.com"; http_host; depth:60; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700597/; classtype:trojan-activity;sid:84563697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700596)"; flow:established,from_client; content:"GET"; http_method; content:"/hni5tbx|3f|id=4uzigzgg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"standard-analytics-endpoint-54.s3.ca-central-1.amazonaws.com"; http_host; depth:60; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700596/; classtype:trojan-activity;sid:84563696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700594)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"solomand.pro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700594/; classtype:trojan-activity;sid:84563694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700595)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pixelnoased.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700595/; classtype:trojan-activity;sid:84563695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700593)"; flow:established,from_client; content:"GET"; http_method; content:"/hni5tbx|3f|id=i5wjkzx7u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"standard-analytics-endpoint-54.s3.ca-central-1.amazonaws.com"; http_host; depth:60; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700593/; classtype:trojan-activity;sid:84563693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700592/; classtype:trojan-activity;sid:84563692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700591)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6577350923/8nv50bm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700591/; classtype:trojan-activity;sid:84563691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.211.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700590/; classtype:trojan-activity;sid:84563690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700589/; classtype:trojan-activity;sid:84563689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.79.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700588/; classtype:trojan-activity;sid:84563688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.118.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700587/; classtype:trojan-activity;sid:84563687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.246.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700586/; classtype:trojan-activity;sid:84563686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700585/; classtype:trojan-activity;sid:84563685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700584)"; flow:established,from_client; content:"GET"; http_method; content:"/du1seym1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"n5.1ronpath.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700584/; classtype:trojan-activity;sid:84563684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.245.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700583/; classtype:trojan-activity;sid:84563683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.251.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700582/; classtype:trojan-activity;sid:84563682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.229.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700581/; classtype:trojan-activity;sid:84563681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.176.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700580/; classtype:trojan-activity;sid:84563680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.246.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700579/; classtype:trojan-activity;sid:84563679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700578/; classtype:trojan-activity;sid:84563678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.176.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700577/; classtype:trojan-activity;sid:84563677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700576/; classtype:trojan-activity;sid:84563676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.251.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700575/; classtype:trojan-activity;sid:84563675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700574)"; flow:established,from_client; content:"GET"; http_method; content:"/7or8n8t0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5rq9.t1nystar.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700574/; classtype:trojan-activity;sid:84563674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.85.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700573/; classtype:trojan-activity;sid:84563673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.126.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700572/; classtype:trojan-activity;sid:84563672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.58.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700571/; classtype:trojan-activity;sid:84563671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700570/; classtype:trojan-activity;sid:84563670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700569)"; flow:established,from_client; content:"GET"; http_method; content:"/p83cvjut"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mw9k.t1nystar.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700569/; classtype:trojan-activity;sid:84563669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.36.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700568/; classtype:trojan-activity;sid:84563668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700567)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7909777397/6ybfpn1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700567/; classtype:trojan-activity;sid:84563667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.102.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700566/; classtype:trojan-activity;sid:84563666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700565/; classtype:trojan-activity;sid:84563665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.77.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700564/; classtype:trojan-activity;sid:84563664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.30.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700563/; classtype:trojan-activity;sid:84563663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700562)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/nu5o3wv.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700562/; classtype:trojan-activity;sid:84563662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.207.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700561/; classtype:trojan-activity;sid:84563661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700560/; classtype:trojan-activity;sid:84563660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700559)"; flow:established,from_client; content:"GET"; http_method; content:"/9i6v82ne"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"it.g0ldnest.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700559/; classtype:trojan-activity;sid:84563659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.3.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700558/; classtype:trojan-activity;sid:84563658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700557/; classtype:trojan-activity;sid:84563657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700556/; classtype:trojan-activity;sid:84563656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700555/; classtype:trojan-activity;sid:84563655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.77.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700554/; classtype:trojan-activity;sid:84563654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700553/; classtype:trojan-activity;sid:84563653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.13.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700552/; classtype:trojan-activity;sid:84563652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.206.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700551/; classtype:trojan-activity;sid:84563651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700549/; classtype:trojan-activity;sid:84563649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700550/; classtype:trojan-activity;sid:84563650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.30.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700548/; classtype:trojan-activity;sid:84563648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.133.217.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700547/; classtype:trojan-activity;sid:84563647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.124.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700546/; classtype:trojan-activity;sid:84563646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700545/; classtype:trojan-activity;sid:84563645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.205.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700544/; classtype:trojan-activity;sid:84563644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700543/; classtype:trojan-activity;sid:84563643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.3.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700542/; classtype:trojan-activity;sid:84563642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700541/; classtype:trojan-activity;sid:84563641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.206.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700540/; classtype:trojan-activity;sid:84563640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700539)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6633137979/47vkxlw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700539/; classtype:trojan-activity;sid:84563639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.145.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700538/; classtype:trojan-activity;sid:84563638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700537)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.137.247.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700537/; classtype:trojan-activity;sid:84563637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.124.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700536/; classtype:trojan-activity;sid:84563636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.116.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700535/; classtype:trojan-activity;sid:84563635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700534/; classtype:trojan-activity;sid:84563634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700533)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/prwiq2g.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700533/; classtype:trojan-activity;sid:84563633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.217.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700532/; classtype:trojan-activity;sid:84563632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700531)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.44.87.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700531/; classtype:trojan-activity;sid:84563631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700530)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp4.elf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700530/; classtype:trojan-activity;sid:84563630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700528)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/temp.elf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700528/; classtype:trojan-activity;sid:84563628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700529)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/elf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700529/; classtype:trojan-activity;sid:84563629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700520)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp5.elf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700520/; classtype:trojan-activity;sid:84563620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700521)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp.elf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700521/; classtype:trojan-activity;sid:84563621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700522)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/sys.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700522/; classtype:trojan-activity;sid:84563622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700523)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp1.elf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700523/; classtype:trojan-activity;sid:84563623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700524)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/reverse.elf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700524/; classtype:trojan-activity;sid:84563624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700525)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/sup.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700525/; classtype:trojan-activity;sid:84563625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700526)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700526/; classtype:trojan-activity;sid:84563626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700527)"; flow:established,from_client; content:"GET"; http_method; content:"/123.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700527/; classtype:trojan-activity;sid:84563627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.145.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700519/; classtype:trojan-activity;sid:84563619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.180.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700518/; classtype:trojan-activity;sid:84563618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700517/; classtype:trojan-activity;sid:84563617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700516)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.112.186.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700516/; classtype:trojan-activity;sid:84563616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700515)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.121.222.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700515/; classtype:trojan-activity;sid:84563615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700513)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.120.1.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700513/; classtype:trojan-activity;sid:84563613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700514)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.217.162.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700514/; classtype:trojan-activity;sid:84563614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700512)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700512/; classtype:trojan-activity;sid:84563612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700507)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700507/; classtype:trojan-activity;sid:84563607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700508)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700508/; classtype:trojan-activity;sid:84563608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700509)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700509/; classtype:trojan-activity;sid:84563609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700510)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700510/; classtype:trojan-activity;sid:84563610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700511)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700511/; classtype:trojan-activity;sid:84563611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700499)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700499/; classtype:trojan-activity;sid:84563599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700500)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700500/; classtype:trojan-activity;sid:84563600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700501)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700501/; classtype:trojan-activity;sid:84563601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700502)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700502/; classtype:trojan-activity;sid:84563602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700503)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700503/; classtype:trojan-activity;sid:84563603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700504)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700504/; classtype:trojan-activity;sid:84563604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700505)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700505/; classtype:trojan-activity;sid:84563605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700506)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700506/; classtype:trojan-activity;sid:84563606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700490)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700490/; classtype:trojan-activity;sid:84563590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700491)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700491/; classtype:trojan-activity;sid:84563591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700492)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700492/; classtype:trojan-activity;sid:84563592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700493)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700493/; classtype:trojan-activity;sid:84563593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700494)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700494/; classtype:trojan-activity;sid:84563594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700495)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700495/; classtype:trojan-activity;sid:84563595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700496)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700496/; classtype:trojan-activity;sid:84563596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700497)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700497/; classtype:trojan-activity;sid:84563597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700498)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700498/; classtype:trojan-activity;sid:84563598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700487)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700487/; classtype:trojan-activity;sid:84563587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700488)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700488/; classtype:trojan-activity;sid:84563588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700489)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700489/; classtype:trojan-activity;sid:84563589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700481)"; flow:established,from_client; content:"GET"; http_method; content:"/0x83911d24fx.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700481/; classtype:trojan-activity;sid:84563581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700482)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700482/; classtype:trojan-activity;sid:84563582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700483)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700483/; classtype:trojan-activity;sid:84563583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700484)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700484/; classtype:trojan-activity;sid:84563584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700485)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700485/; classtype:trojan-activity;sid:84563585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.144.174.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700486/; classtype:trojan-activity;sid:84563586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700480)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.14.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700480/; classtype:trojan-activity;sid:84563580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700479)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700479/; classtype:trojan-activity;sid:84563579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700476)"; flow:established,from_client; content:"GET"; http_method; content:"/t/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.144.174.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700476/; classtype:trojan-activity;sid:84563576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.205.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700477/; classtype:trojan-activity;sid:84563577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700478)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700478/; classtype:trojan-activity;sid:84563578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700461)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700461/; classtype:trojan-activity;sid:84563561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700462)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700462/; classtype:trojan-activity;sid:84563562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700463)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700463/; classtype:trojan-activity;sid:84563563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700464)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700464/; classtype:trojan-activity;sid:84563564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700465)"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700465/; classtype:trojan-activity;sid:84563565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700466)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700466/; classtype:trojan-activity;sid:84563566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700467)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700467/; classtype:trojan-activity;sid:84563567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700468)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700468/; classtype:trojan-activity;sid:84563568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700469)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700469/; classtype:trojan-activity;sid:84563569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700470)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700470/; classtype:trojan-activity;sid:84563570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700471)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700471/; classtype:trojan-activity;sid:84563571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700472)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700472/; classtype:trojan-activity;sid:84563572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700473)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700473/; classtype:trojan-activity;sid:84563573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700474)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700474/; classtype:trojan-activity;sid:84563574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700475)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700475/; classtype:trojan-activity;sid:84563575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700460)"; flow:established,from_client; content:"GET"; http_method; content:"/esvam3fp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k9jc.n-0-rthw-1-nd.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700460/; classtype:trojan-activity;sid:84563560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700459/; classtype:trojan-activity;sid:84563559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700458)"; flow:established,from_client; content:"GET"; http_method; content:"/pq7jcqwv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fnw9.n-0-rthw-1-nd.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700458/; classtype:trojan-activity;sid:84563558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.23.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700457/; classtype:trojan-activity;sid:84563557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.45.179.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700456/; classtype:trojan-activity;sid:84563556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.17.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700455/; classtype:trojan-activity;sid:84563555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.10.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700454/; classtype:trojan-activity;sid:84563554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.17.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700453/; classtype:trojan-activity;sid:84563553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700452)"; flow:established,from_client; content:"GET"; http_method; content:"/33qv6qdj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bynbv.ic0n1ctrove.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700452/; classtype:trojan-activity;sid:84563552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700451/; classtype:trojan-activity;sid:84563551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.174.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700450/; classtype:trojan-activity;sid:84563550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700449)"; flow:established,from_client; content:"GET"; http_method; content:"/mg7o3bz3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42s.starforged.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700449/; classtype:trojan-activity;sid:84563549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.179.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700448/; classtype:trojan-activity;sid:84563548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.10.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700447/; classtype:trojan-activity;sid:84563547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.17.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700446/; classtype:trojan-activity;sid:84563546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.17.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700444/; classtype:trojan-activity;sid:84563544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700445/; classtype:trojan-activity;sid:84563545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.68.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700443/; classtype:trojan-activity;sid:84563543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700442/; classtype:trojan-activity;sid:84563542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.68.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700441/; classtype:trojan-activity;sid:84563541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.65.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700440/; classtype:trojan-activity;sid:84563540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.174.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700439/; classtype:trojan-activity;sid:84563539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.35.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700438/; classtype:trojan-activity;sid:84563538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.105.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700437/; classtype:trojan-activity;sid:84563537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.240.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700436/; classtype:trojan-activity;sid:84563536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700435/; classtype:trojan-activity;sid:84563535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700434)"; flow:established,from_client; content:"GET"; http_method; content:"/0d862pbe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2hk8u.drift-shad-0-w.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700434/; classtype:trojan-activity;sid:84563534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.10.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700433/; classtype:trojan-activity;sid:84563533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700432)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/zdrzm0e.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700432/; classtype:trojan-activity;sid:84563532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700431)"; flow:established,from_client; content:"GET"; http_method; content:"/4kqz5miy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9zpya.drift-shad-0-w.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700431/; classtype:trojan-activity;sid:84563531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.35.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700430/; classtype:trojan-activity;sid:84563530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.240.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700429/; classtype:trojan-activity;sid:84563529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.175.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700428/; classtype:trojan-activity;sid:84563528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700427)"; flow:established,from_client; content:"GET"; http_method; content:"/6dqv4zu1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lasxz.drift-shad-0-w.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700427/; classtype:trojan-activity;sid:84563527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700426)"; flow:established,from_client; content:"GET"; http_method; content:"/l514lq6n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"te.ember-harbor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700426/; classtype:trojan-activity;sid:84563526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700422)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700422/; classtype:trojan-activity;sid:84563522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700423)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700423/; classtype:trojan-activity;sid:84563523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700424)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700424/; classtype:trojan-activity;sid:84563524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700425)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700425/; classtype:trojan-activity;sid:84563525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700421)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700421/; classtype:trojan-activity;sid:84563521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700408)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700408/; classtype:trojan-activity;sid:84563508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700409)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700409/; classtype:trojan-activity;sid:84563509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700410)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700410/; classtype:trojan-activity;sid:84563510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700411)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700411/; classtype:trojan-activity;sid:84563511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700412)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700412/; classtype:trojan-activity;sid:84563512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700413)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700413/; classtype:trojan-activity;sid:84563513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700414)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700414/; classtype:trojan-activity;sid:84563514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700415)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700415/; classtype:trojan-activity;sid:84563515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700416)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700416/; classtype:trojan-activity;sid:84563516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700417)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700417/; classtype:trojan-activity;sid:84563517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700418)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700418/; classtype:trojan-activity;sid:84563518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700419)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700419/; classtype:trojan-activity;sid:84563519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700420)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700420/; classtype:trojan-activity;sid:84563520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.133.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700407/; classtype:trojan-activity;sid:84563507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.109.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700406/; classtype:trojan-activity;sid:84563506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.124.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700405/; classtype:trojan-activity;sid:84563505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.232.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700404/; classtype:trojan-activity;sid:84563504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.186.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700403/; classtype:trojan-activity;sid:84563503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.124.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700402/; classtype:trojan-activity;sid:84563502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.238.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700401/; classtype:trojan-activity;sid:84563501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700400)"; flow:established,from_client; content:"GET"; http_method; content:"/s7yltlsr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cqf47.horizonbloom.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700400/; classtype:trojan-activity;sid:84563500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.48.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700399/; classtype:trojan-activity;sid:84563499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700398)"; flow:established,from_client; content:"GET"; http_method; content:"/vj34dqgl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6lz.horizonbloom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700398/; classtype:trojan-activity;sid:84563498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.232.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700397/; classtype:trojan-activity;sid:84563497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.204.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700396/; classtype:trojan-activity;sid:84563496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700395)"; flow:established,from_client; content:"GET"; http_method; content:"/qtailvb8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"geskw.silversummit.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700395/; classtype:trojan-activity;sid:84563495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.86.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700394/; classtype:trojan-activity;sid:84563494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.133.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700393/; classtype:trojan-activity;sid:84563493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700392/; classtype:trojan-activity;sid:84563492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.50.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700391/; classtype:trojan-activity;sid:84563491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.94.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700390/; classtype:trojan-activity;sid:84563490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.86.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700389/; classtype:trojan-activity;sid:84563489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.163.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700388/; classtype:trojan-activity;sid:84563488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700387/; classtype:trojan-activity;sid:84563487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.179.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700386/; classtype:trojan-activity;sid:84563486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700385/; classtype:trojan-activity;sid:84563485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700384/; classtype:trojan-activity;sid:84563484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700383)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251104151202.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"yturewezz.wuaze.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700383/; classtype:trojan-activity;sid:84563483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700381)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251104151153.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"yturewezz.wuaze.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700381/; classtype:trojan-activity;sid:84563481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700382)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106094124.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"yturewezz.wuaze.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700382/; classtype:trojan-activity;sid:84563482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700380)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106094143.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"yturewezz.wuaze.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700380/; classtype:trojan-activity;sid:84563480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.188.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700378/; classtype:trojan-activity;sid:84563478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.110.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700379/; classtype:trojan-activity;sid:84563479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.77.146.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700374/; classtype:trojan-activity;sid:84563474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700375/; classtype:trojan-activity;sid:84563475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.76.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700376/; classtype:trojan-activity;sid:84563476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700377/; classtype:trojan-activity;sid:84563477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.194.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700372/; classtype:trojan-activity;sid:84563472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.90.29.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700373/; classtype:trojan-activity;sid:84563473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.101.19.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700367/; classtype:trojan-activity;sid:84563467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.174.117.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700368/; classtype:trojan-activity;sid:84563468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.170.202.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700369/; classtype:trojan-activity;sid:84563469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.95.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700370/; classtype:trojan-activity;sid:84563470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.144.78.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700371/; classtype:trojan-activity;sid:84563471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700366)"; flow:established,from_client; content:"GET"; http_method; content:"/2f5utmyx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zkefi.brightvoyage.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700366/; classtype:trojan-activity;sid:84563466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.236.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700365/; classtype:trojan-activity;sid:84563465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700364/; classtype:trojan-activity;sid:84563464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.94.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700363/; classtype:trojan-activity;sid:84563463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700361)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700361/; classtype:trojan-activity;sid:84563461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700362)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700362/; classtype:trojan-activity;sid:84563462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700360)"; flow:established,from_client; content:"GET"; http_method; content:"/router-atemi-rep.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700360/; classtype:trojan-activity;sid:84563460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700358)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700358/; classtype:trojan-activity;sid:84563458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700359)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700359/; classtype:trojan-activity;sid:84563459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.9.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700357/; classtype:trojan-activity;sid:84563457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700343)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700343/; classtype:trojan-activity;sid:84563443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700344)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700344/; classtype:trojan-activity;sid:84563444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700345)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700345/; classtype:trojan-activity;sid:84563445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700346)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700346/; classtype:trojan-activity;sid:84563446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700347)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700347/; classtype:trojan-activity;sid:84563447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700348)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700348/; classtype:trojan-activity;sid:84563448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700349)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700349/; classtype:trojan-activity;sid:84563449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700350)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700350/; classtype:trojan-activity;sid:84563450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700351)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700351/; classtype:trojan-activity;sid:84563451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700352)"; flow:established,from_client; content:"GET"; http_method; content:"/router-atemi-rep.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700352/; classtype:trojan-activity;sid:84563452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700353)"; flow:established,from_client; content:"GET"; http_method; content:"/router-atemi-rep.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700353/; classtype:trojan-activity;sid:84563453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700354)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700354/; classtype:trojan-activity;sid:84563454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700355)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700355/; classtype:trojan-activity;sid:84563455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700356)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700356/; classtype:trojan-activity;sid:84563456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.111.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700342/; classtype:trojan-activity;sid:84563442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700341)"; flow:established,from_client; content:"GET"; http_method; content:"/oq83ir1w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p0.brightvoyage.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700341/; classtype:trojan-activity;sid:84563441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.20.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700340/; classtype:trojan-activity;sid:84563440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700339)"; flow:established,from_client; content:"GET"; http_method; content:"/iibgtfht"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p0.brightvoyage.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700339/; classtype:trojan-activity;sid:84563439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.198.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700338/; classtype:trojan-activity;sid:84563438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.179.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700336/; classtype:trojan-activity;sid:84563436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.172.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700337/; classtype:trojan-activity;sid:84563437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700335)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700335/; classtype:trojan-activity;sid:84563435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700334)"; flow:established,from_client; content:"GET"; http_method; content:"/nicatwe.jar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700334/; classtype:trojan-activity;sid:84563434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700333)"; flow:established,from_client; content:"GET"; http_method; content:"/w0i876t3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glut.emberkranz.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700333/; classtype:trojan-activity;sid:84563433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700332)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.126.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700332/; classtype:trojan-activity;sid:84563432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700331)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.80.130.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700331/; classtype:trojan-activity;sid:84563431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700330)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.126.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700330/; classtype:trojan-activity;sid:84563430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700329)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700329/; classtype:trojan-activity;sid:84563429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700328)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700328/; classtype:trojan-activity;sid:84563428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700327/; classtype:trojan-activity;sid:84563427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.210.43.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700326/; classtype:trojan-activity;sid:84563426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700325)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.115.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700325/; classtype:trojan-activity;sid:84563425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700322)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.245.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700322/; classtype:trojan-activity;sid:84563422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700323)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202509/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700323/; classtype:trojan-activity;sid:84563423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700324)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/photo.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700324/; classtype:trojan-activity;sid:84563424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700321)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700321/; classtype:trojan-activity;sid:84563421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700318)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.99.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700318/; classtype:trojan-activity;sid:84563418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700319)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700319/; classtype:trojan-activity;sid:84563419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700320)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700320/; classtype:trojan-activity;sid:84563420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700311)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700311/; classtype:trojan-activity;sid:84563411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700312)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/04/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700312/; classtype:trojan-activity;sid:84563412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700313)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700313/; classtype:trojan-activity;sid:84563413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700314)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700314/; classtype:trojan-activity;sid:84563414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700315)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700315/; classtype:trojan-activity;sid:84563415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700316)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700316/; classtype:trojan-activity;sid:84563416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700317)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700317/; classtype:trojan-activity;sid:84563417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700309)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700309/; classtype:trojan-activity;sid:84563409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700310)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700310/; classtype:trojan-activity;sid:84563410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700303)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700303/; classtype:trojan-activity;sid:84563403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700304)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700304/; classtype:trojan-activity;sid:84563404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700305)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700305/; classtype:trojan-activity;sid:84563405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700306)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700306/; classtype:trojan-activity;sid:84563406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700307)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700307/; classtype:trojan-activity;sid:84563407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700308)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700308/; classtype:trojan-activity;sid:84563408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700302)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700302/; classtype:trojan-activity;sid:84563402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700300)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700300/; classtype:trojan-activity;sid:84563400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700301)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700301/; classtype:trojan-activity;sid:84563401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700296)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700296/; classtype:trojan-activity;sid:84563396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700297)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700297/; classtype:trojan-activity;sid:84563397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700298)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700298/; classtype:trojan-activity;sid:84563398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700299)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700299/; classtype:trojan-activity;sid:84563399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700284)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700284/; classtype:trojan-activity;sid:84563384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700285)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/video.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700285/; classtype:trojan-activity;sid:84563385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700286)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700286/; classtype:trojan-activity;sid:84563386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700287)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700287/; classtype:trojan-activity;sid:84563387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700288)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700288/; classtype:trojan-activity;sid:84563388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700289)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700289/; classtype:trojan-activity;sid:84563389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700290)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700290/; classtype:trojan-activity;sid:84563390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700291)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700291/; classtype:trojan-activity;sid:84563391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700292)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700292/; classtype:trojan-activity;sid:84563392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700293)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/vorderop/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700293/; classtype:trojan-activity;sid:84563393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700294)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700294/; classtype:trojan-activity;sid:84563394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700295)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700295/; classtype:trojan-activity;sid:84563395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700280)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700280/; classtype:trojan-activity;sid:84563380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700281)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700281/; classtype:trojan-activity;sid:84563381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700282)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700282/; classtype:trojan-activity;sid:84563382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700283)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700283/; classtype:trojan-activity;sid:84563383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700278)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700278/; classtype:trojan-activity;sid:84563378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700279)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700279/; classtype:trojan-activity;sid:84563379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700276/; classtype:trojan-activity;sid:84563376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700277)"; flow:established,from_client; content:"GET"; http_method; content:"/file/st01hw/hw.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"f005.backblazeb2.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700277/; classtype:trojan-activity;sid:84563377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700264)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700264/; classtype:trojan-activity;sid:84563364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700265)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700265/; classtype:trojan-activity;sid:84563365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700266)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700266/; classtype:trojan-activity;sid:84563366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700267)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700267/; classtype:trojan-activity;sid:84563367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700268)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700268/; classtype:trojan-activity;sid:84563368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700269)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700269/; classtype:trojan-activity;sid:84563369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700270)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700270/; classtype:trojan-activity;sid:84563370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700271)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700271/; classtype:trojan-activity;sid:84563371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700272)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700272/; classtype:trojan-activity;sid:84563372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700273)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700273/; classtype:trojan-activity;sid:84563373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700274)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700274/; classtype:trojan-activity;sid:84563374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700275)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700275/; classtype:trojan-activity;sid:84563375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700261)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700261/; classtype:trojan-activity;sid:84563361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700262)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700262/; classtype:trojan-activity;sid:84563362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700263)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700263/; classtype:trojan-activity;sid:84563363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700260)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700260/; classtype:trojan-activity;sid:84563360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700257)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700257/; classtype:trojan-activity;sid:84563357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700258)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700258/; classtype:trojan-activity;sid:84563358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700259)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700259/; classtype:trojan-activity;sid:84563359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700239)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700239/; classtype:trojan-activity;sid:84563339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700240)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700240/; classtype:trojan-activity;sid:84563340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700241)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700241/; classtype:trojan-activity;sid:84563341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700242)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700242/; classtype:trojan-activity;sid:84563342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700243)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700243/; classtype:trojan-activity;sid:84563343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700244)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700244/; classtype:trojan-activity;sid:84563344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700245)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700245/; classtype:trojan-activity;sid:84563345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700246)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700246/; classtype:trojan-activity;sid:84563346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700247)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700247/; classtype:trojan-activity;sid:84563347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700248)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700248/; classtype:trojan-activity;sid:84563348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700249)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700249/; classtype:trojan-activity;sid:84563349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700250)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700250/; classtype:trojan-activity;sid:84563350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700251)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700251/; classtype:trojan-activity;sid:84563351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700252)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700252/; classtype:trojan-activity;sid:84563352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700253)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700253/; classtype:trojan-activity;sid:84563353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700254)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700254/; classtype:trojan-activity;sid:84563354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700255)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700255/; classtype:trojan-activity;sid:84563355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700256)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700256/; classtype:trojan-activity;sid:84563356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700238)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700238/; classtype:trojan-activity;sid:84563338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700235)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700235/; classtype:trojan-activity;sid:84563335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700236)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700236/; classtype:trojan-activity;sid:84563336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700237)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/video.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700237/; classtype:trojan-activity;sid:84563337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700232)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700232/; classtype:trojan-activity;sid:84563332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700233)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700233/; classtype:trojan-activity;sid:84563333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700234)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700234/; classtype:trojan-activity;sid:84563334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700217)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700217/; classtype:trojan-activity;sid:84563317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700218)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700218/; classtype:trojan-activity;sid:84563318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700219)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700219/; classtype:trojan-activity;sid:84563319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700220)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700220/; classtype:trojan-activity;sid:84563320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700221)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/01/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700221/; classtype:trojan-activity;sid:84563321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700222)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700222/; classtype:trojan-activity;sid:84563322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700223)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700223/; classtype:trojan-activity;sid:84563323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700224)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700224/; classtype:trojan-activity;sid:84563324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700225)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700225/; classtype:trojan-activity;sid:84563325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700226)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700226/; classtype:trojan-activity;sid:84563326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700227)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700227/; classtype:trojan-activity;sid:84563327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700228)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700228/; classtype:trojan-activity;sid:84563328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700229)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700229/; classtype:trojan-activity;sid:84563329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700230)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700230/; classtype:trojan-activity;sid:84563330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700231)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700231/; classtype:trojan-activity;sid:84563331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700216)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700216/; classtype:trojan-activity;sid:84563316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700214)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700214/; classtype:trojan-activity;sid:84563314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700215)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700215/; classtype:trojan-activity;sid:84563315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700212)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700212/; classtype:trojan-activity;sid:84563312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700213)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700213/; classtype:trojan-activity;sid:84563313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700209)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/docuimage/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700209/; classtype:trojan-activity;sid:84563309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700210)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700210/; classtype:trojan-activity;sid:84563310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700211)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700211/; classtype:trojan-activity;sid:84563311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700197)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700197/; classtype:trojan-activity;sid:84563297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700198)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700198/; classtype:trojan-activity;sid:84563298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700199)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700199/; classtype:trojan-activity;sid:84563299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700200)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700200/; classtype:trojan-activity;sid:84563300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700201)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700201/; classtype:trojan-activity;sid:84563301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700202)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/202408/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700202/; classtype:trojan-activity;sid:84563302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700203)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700203/; classtype:trojan-activity;sid:84563303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700204)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/photo.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700204/; classtype:trojan-activity;sid:84563304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700205)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700205/; classtype:trojan-activity;sid:84563305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700206)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700206/; classtype:trojan-activity;sid:84563306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700207)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/photo.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700207/; classtype:trojan-activity;sid:84563307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700208)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700208/; classtype:trojan-activity;sid:84563308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700195)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700195/; classtype:trojan-activity;sid:84563295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700196)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700196/; classtype:trojan-activity;sid:84563296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700194)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700194/; classtype:trojan-activity;sid:84563294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700189)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700189/; classtype:trojan-activity;sid:84563289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700190)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700190/; classtype:trojan-activity;sid:84563290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700191/; classtype:trojan-activity;sid:84563291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700192)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700192/; classtype:trojan-activity;sid:84563292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700193)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700193/; classtype:trojan-activity;sid:84563293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700186)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700186/; classtype:trojan-activity;sid:84563286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700187/; classtype:trojan-activity;sid:84563287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700188)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700188/; classtype:trojan-activity;sid:84563288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700175)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700175/; classtype:trojan-activity;sid:84563275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700176)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/video.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700176/; classtype:trojan-activity;sid:84563276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700177)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.16.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700177/; classtype:trojan-activity;sid:84563277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700178)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/photo.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700178/; classtype:trojan-activity;sid:84563278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700179)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700179/; classtype:trojan-activity;sid:84563279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700180)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700180/; classtype:trojan-activity;sid:84563280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700181)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2013/handy2013/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700181/; classtype:trojan-activity;sid:84563281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700182)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700182/; classtype:trojan-activity;sid:84563282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700183)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700183/; classtype:trojan-activity;sid:84563283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700184)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700184/; classtype:trojan-activity;sid:84563284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700185)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700185/; classtype:trojan-activity;sid:84563285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700164)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700164/; classtype:trojan-activity;sid:84563264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700165)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700165/; classtype:trojan-activity;sid:84563265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700166)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700166/; classtype:trojan-activity;sid:84563266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700167)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/03/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700167/; classtype:trojan-activity;sid:84563267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700168)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700168/; classtype:trojan-activity;sid:84563268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700169)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700169/; classtype:trojan-activity;sid:84563269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700170)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700170/; classtype:trojan-activity;sid:84563270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700171)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700171/; classtype:trojan-activity;sid:84563271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700172)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700172/; classtype:trojan-activity;sid:84563272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700173)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700173/; classtype:trojan-activity;sid:84563273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700174)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700174/; classtype:trojan-activity;sid:84563274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700162)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700162/; classtype:trojan-activity;sid:84563262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700163)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700163/; classtype:trojan-activity;sid:84563263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700161)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700161/; classtype:trojan-activity;sid:84563261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700158)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/buntgemischt2010/photo.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700158/; classtype:trojan-activity;sid:84563258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700159)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/wien0510/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700159/; classtype:trojan-activity;sid:84563259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700160)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700160/; classtype:trojan-activity;sid:84563260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700155)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700155/; classtype:trojan-activity;sid:84563255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700156)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700156/; classtype:trojan-activity;sid:84563256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700157)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700157/; classtype:trojan-activity;sid:84563257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700145)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700145/; classtype:trojan-activity;sid:84563245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700146)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700146/; classtype:trojan-activity;sid:84563246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700147)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700147/; classtype:trojan-activity;sid:84563247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700148)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700148/; classtype:trojan-activity;sid:84563248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700149)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700149/; classtype:trojan-activity;sid:84563249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700150)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700150/; classtype:trojan-activity;sid:84563250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700151)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700151/; classtype:trojan-activity;sid:84563251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700152)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700152/; classtype:trojan-activity;sid:84563252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700153)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700153/; classtype:trojan-activity;sid:84563253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700154)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700154/; classtype:trojan-activity;sid:84563254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700144)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700144/; classtype:trojan-activity;sid:84563244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700140)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700140/; classtype:trojan-activity;sid:84563240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700141)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700141/; classtype:trojan-activity;sid:84563241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700142)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700142/; classtype:trojan-activity;sid:84563242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700143)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700143/; classtype:trojan-activity;sid:84563243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700139)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700139/; classtype:trojan-activity;sid:84563239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700134)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/video.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700134/; classtype:trojan-activity;sid:84563234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700135)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700135/; classtype:trojan-activity;sid:84563235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700136)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700136/; classtype:trojan-activity;sid:84563236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700137)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700137/; classtype:trojan-activity;sid:84563237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700138)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700138/; classtype:trojan-activity;sid:84563238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700130)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700130/; classtype:trojan-activity;sid:84563230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700131)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700131/; classtype:trojan-activity;sid:84563231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700132)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700132/; classtype:trojan-activity;sid:84563232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700133)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700133/; classtype:trojan-activity;sid:84563233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700118)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700118/; classtype:trojan-activity;sid:84563218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700119)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700119/; classtype:trojan-activity;sid:84563219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700120)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/av.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700120/; classtype:trojan-activity;sid:84563220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700121)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700121/; classtype:trojan-activity;sid:84563221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700122)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700122/; classtype:trojan-activity;sid:84563222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700123)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700123/; classtype:trojan-activity;sid:84563223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700124)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700124/; classtype:trojan-activity;sid:84563224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700125)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/photo.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700125/; classtype:trojan-activity;sid:84563225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700126)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700126/; classtype:trojan-activity;sid:84563226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700127)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700127/; classtype:trojan-activity;sid:84563227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700128)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700128/; classtype:trojan-activity;sid:84563228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700129/; classtype:trojan-activity;sid:84563229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700116)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700116/; classtype:trojan-activity;sid:84563216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700117)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700117/; classtype:trojan-activity;sid:84563217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700114)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700114/; classtype:trojan-activity;sid:84563214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700115)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700115/; classtype:trojan-activity;sid:84563215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.204.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700113/; classtype:trojan-activity;sid:84563213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700104)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700104/; classtype:trojan-activity;sid:84563204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700105)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700105/; classtype:trojan-activity;sid:84563205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700106)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700106/; classtype:trojan-activity;sid:84563206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700107)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700107/; classtype:trojan-activity;sid:84563207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700108)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700108/; classtype:trojan-activity;sid:84563208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700109)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700109/; classtype:trojan-activity;sid:84563209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700110)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.119.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700110/; classtype:trojan-activity;sid:84563210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700111)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700111/; classtype:trojan-activity;sid:84563211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700112)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700112/; classtype:trojan-activity;sid:84563212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700083)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700083/; classtype:trojan-activity;sid:84563183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700084)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700084/; classtype:trojan-activity;sid:84563184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700085)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700085/; classtype:trojan-activity;sid:84563185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700086)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700086/; classtype:trojan-activity;sid:84563186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700087)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700087/; classtype:trojan-activity;sid:84563187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700088)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700088/; classtype:trojan-activity;sid:84563188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700089)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700089/; classtype:trojan-activity;sid:84563189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700090)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700090/; classtype:trojan-activity;sid:84563190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700091)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700091/; classtype:trojan-activity;sid:84563191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700092)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700092/; classtype:trojan-activity;sid:84563192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700093)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700093/; classtype:trojan-activity;sid:84563193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700094)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700094/; classtype:trojan-activity;sid:84563194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700095)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700095/; classtype:trojan-activity;sid:84563195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700096)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700096/; classtype:trojan-activity;sid:84563196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700097)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700097/; classtype:trojan-activity;sid:84563197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700098)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/video.scr"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700098/; classtype:trojan-activity;sid:84563198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700099)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700099/; classtype:trojan-activity;sid:84563199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700100)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700100/; classtype:trojan-activity;sid:84563200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700101)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700101/; classtype:trojan-activity;sid:84563201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700102)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/av.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700102/; classtype:trojan-activity;sid:84563202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700103)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/video.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700103/; classtype:trojan-activity;sid:84563203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700080)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700080/; classtype:trojan-activity;sid:84563180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700081)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700081/; classtype:trojan-activity;sid:84563181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700082)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700082/; classtype:trojan-activity;sid:84563182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700074)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700074/; classtype:trojan-activity;sid:84563174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700075)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700075/; classtype:trojan-activity;sid:84563175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700076)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700076/; classtype:trojan-activity;sid:84563176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700077)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700077/; classtype:trojan-activity;sid:84563177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700078)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700078/; classtype:trojan-activity;sid:84563178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700079)"; flow:established,from_client; content:"GET"; http_method; content:"/program/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700079/; classtype:trojan-activity;sid:84563179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700073)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700073/; classtype:trojan-activity;sid:84563173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700070)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700070/; classtype:trojan-activity;sid:84563170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700071)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700071/; classtype:trojan-activity;sid:84563171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700072)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700072/; classtype:trojan-activity;sid:84563172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700061)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700061/; classtype:trojan-activity;sid:84563161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700062)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700062/; classtype:trojan-activity;sid:84563162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700063)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700063/; classtype:trojan-activity;sid:84563163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700064)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700064/; classtype:trojan-activity;sid:84563164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700065)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700065/; classtype:trojan-activity;sid:84563165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700066)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700066/; classtype:trojan-activity;sid:84563166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700067)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700067/; classtype:trojan-activity;sid:84563167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700068)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700068/; classtype:trojan-activity;sid:84563168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700069)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700069/; classtype:trojan-activity;sid:84563169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700051)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700051/; classtype:trojan-activity;sid:84563151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700052)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700052/; classtype:trojan-activity;sid:84563152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700053)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700053/; classtype:trojan-activity;sid:84563153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700054)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700054/; classtype:trojan-activity;sid:84563154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700055)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/setup/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700055/; classtype:trojan-activity;sid:84563155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700056)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700056/; classtype:trojan-activity;sid:84563156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700057)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/video.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700057/; classtype:trojan-activity;sid:84563157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700058)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700058/; classtype:trojan-activity;sid:84563158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700059)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700059/; classtype:trojan-activity;sid:84563159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700060)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/av.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700060/; classtype:trojan-activity;sid:84563160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700049)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700049/; classtype:trojan-activity;sid:84563149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700050)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700050/; classtype:trojan-activity;sid:84563150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700045)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700045/; classtype:trojan-activity;sid:84563145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700046)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700046/; classtype:trojan-activity;sid:84563146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700047)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/av.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700047/; classtype:trojan-activity;sid:84563147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700048)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700048/; classtype:trojan-activity;sid:84563148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700043)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/photo.scr"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700043/; classtype:trojan-activity;sid:84563143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700044)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.226.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700044/; classtype:trojan-activity;sid:84563144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700042)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700042/; classtype:trojan-activity;sid:84563142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700039)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.158.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700039/; classtype:trojan-activity;sid:84563139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700040)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700040/; classtype:trojan-activity;sid:84563140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700041)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700041/; classtype:trojan-activity;sid:84563141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700032)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700032/; classtype:trojan-activity;sid:84563132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700033)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/userimage/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700033/; classtype:trojan-activity;sid:84563133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700034)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/202408/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700034/; classtype:trojan-activity;sid:84563134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700035)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700035/; classtype:trojan-activity;sid:84563135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700036)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700036/; classtype:trojan-activity;sid:84563136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700037)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700037/; classtype:trojan-activity;sid:84563137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700038)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700038/; classtype:trojan-activity;sid:84563138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700028)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.158.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700028/; classtype:trojan-activity;sid:84563128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700029)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/update/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700029/; classtype:trojan-activity;sid:84563129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700030)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/av.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700030/; classtype:trojan-activity;sid:84563130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700031)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.158.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700031/; classtype:trojan-activity;sid:84563131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700024)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.99.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700024/; classtype:trojan-activity;sid:84563124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700025/; classtype:trojan-activity;sid:84563125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700026)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700026/; classtype:trojan-activity;sid:84563126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700027)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700027/; classtype:trojan-activity;sid:84563127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700023)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700023/; classtype:trojan-activity;sid:84563123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700021)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700021/; classtype:trojan-activity;sid:84563121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700022)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700022/; classtype:trojan-activity;sid:84563122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700016)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700016/; classtype:trojan-activity;sid:84563116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700017)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700017/; classtype:trojan-activity;sid:84563117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700018)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700018/; classtype:trojan-activity;sid:84563118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700019/; classtype:trojan-activity;sid:84563119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700020)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700020/; classtype:trojan-activity;sid:84563120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700010)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700010/; classtype:trojan-activity;sid:84563110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700011)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700011/; classtype:trojan-activity;sid:84563111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700012)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700012/; classtype:trojan-activity;sid:84563112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700013)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700013/; classtype:trojan-activity;sid:84563113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700014)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700014/; classtype:trojan-activity;sid:84563114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700015)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700015/; classtype:trojan-activity;sid:84563115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700007)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700007/; classtype:trojan-activity;sid:84563107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700008)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700008/; classtype:trojan-activity;sid:84563108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700009)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700009/; classtype:trojan-activity;sid:84563109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700006)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.226.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700006/; classtype:trojan-activity;sid:84563106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700001)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700001/; classtype:trojan-activity;sid:84563101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700002)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700002/; classtype:trojan-activity;sid:84563102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700003)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700003/; classtype:trojan-activity;sid:84563103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700004)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.119.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700004/; classtype:trojan-activity;sid:84563104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700005)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700005/; classtype:trojan-activity;sid:84563105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699998)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699998/; classtype:trojan-activity;sid:84563098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699999)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699999/; classtype:trojan-activity;sid:84563099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700000)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700000/; classtype:trojan-activity;sid:84563100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699997/; classtype:trojan-activity;sid:84563097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699991/; classtype:trojan-activity;sid:84563091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699992)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699992/; classtype:trojan-activity;sid:84563092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699993)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699993/; classtype:trojan-activity;sid:84563093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699994)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699994/; classtype:trojan-activity;sid:84563094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699995)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699995/; classtype:trojan-activity;sid:84563095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699996)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699996/; classtype:trojan-activity;sid:84563096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699987)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.5.119"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699987/; classtype:trojan-activity;sid:84563087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699988)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699988/; classtype:trojan-activity;sid:84563088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699989)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699989/; classtype:trojan-activity;sid:84563089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699990)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699990/; classtype:trojan-activity;sid:84563090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699984)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.243.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699984/; classtype:trojan-activity;sid:84563084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699985)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699985/; classtype:trojan-activity;sid:84563085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699986)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699986/; classtype:trojan-activity;sid:84563086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699981)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699981/; classtype:trojan-activity;sid:84563081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699982)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699982/; classtype:trojan-activity;sid:84563082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699983)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699983/; classtype:trojan-activity;sid:84563083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699979)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.158.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699979/; classtype:trojan-activity;sid:84563079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699980)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699980/; classtype:trojan-activity;sid:84563080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699971)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699971/; classtype:trojan-activity;sid:84563071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699972)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699972/; classtype:trojan-activity;sid:84563072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699973)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699973/; classtype:trojan-activity;sid:84563073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699974)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699974/; classtype:trojan-activity;sid:84563074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699975)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699975/; classtype:trojan-activity;sid:84563075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699976)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699976/; classtype:trojan-activity;sid:84563076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.115.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699977/; classtype:trojan-activity;sid:84563077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699978)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699978/; classtype:trojan-activity;sid:84563078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699967)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699967/; classtype:trojan-activity;sid:84563067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699968)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699968/; classtype:trojan-activity;sid:84563068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699969)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699969/; classtype:trojan-activity;sid:84563069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699970)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699970/; classtype:trojan-activity;sid:84563070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699964)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699964/; classtype:trojan-activity;sid:84563064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699965)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699965/; classtype:trojan-activity;sid:84563065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699966)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699966/; classtype:trojan-activity;sid:84563066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699963)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699963/; classtype:trojan-activity;sid:84563063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699962)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699962/; classtype:trojan-activity;sid:84563062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699959)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699959/; classtype:trojan-activity;sid:84563059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699960)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699960/; classtype:trojan-activity;sid:84563060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699961)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699961/; classtype:trojan-activity;sid:84563061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699958/; classtype:trojan-activity;sid:84563058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699947)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699947/; classtype:trojan-activity;sid:84563047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699948)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/video.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699948/; classtype:trojan-activity;sid:84563048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699949)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699949/; classtype:trojan-activity;sid:84563049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699950)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699950/; classtype:trojan-activity;sid:84563050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699951)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699951/; classtype:trojan-activity;sid:84563051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699952)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699952/; classtype:trojan-activity;sid:84563052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699953)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699953/; classtype:trojan-activity;sid:84563053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699954)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699954/; classtype:trojan-activity;sid:84563054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699955)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699955/; classtype:trojan-activity;sid:84563055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699956)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699956/; classtype:trojan-activity;sid:84563056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699957)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699957/; classtype:trojan-activity;sid:84563057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699945)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699945/; classtype:trojan-activity;sid:84563045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699946)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699946/; classtype:trojan-activity;sid:84563046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699944)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.215.17.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699944/; classtype:trojan-activity;sid:84563044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699942)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699942/; classtype:trojan-activity;sid:84563042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699943)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699943/; classtype:trojan-activity;sid:84563043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699933)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699933/; classtype:trojan-activity;sid:84563033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699934)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699934/; classtype:trojan-activity;sid:84563034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699935)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699935/; classtype:trojan-activity;sid:84563035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699936)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699936/; classtype:trojan-activity;sid:84563036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.159.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699937/; classtype:trojan-activity;sid:84563037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699938)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699938/; classtype:trojan-activity;sid:84563038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699939)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699939/; classtype:trojan-activity;sid:84563039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699940)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.243.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699940/; classtype:trojan-activity;sid:84563040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699941)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699941/; classtype:trojan-activity;sid:84563041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699932)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699932/; classtype:trojan-activity;sid:84563032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699931)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699931/; classtype:trojan-activity;sid:84563031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699927)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699927/; classtype:trojan-activity;sid:84563027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699928)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699928/; classtype:trojan-activity;sid:84563028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699929)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699929/; classtype:trojan-activity;sid:84563029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699930)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699930/; classtype:trojan-activity;sid:84563030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699924)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699924/; classtype:trojan-activity;sid:84563024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699925)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699925/; classtype:trojan-activity;sid:84563025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699926)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699926/; classtype:trojan-activity;sid:84563026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699917)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699917/; classtype:trojan-activity;sid:84563017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699918)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699918/; classtype:trojan-activity;sid:84563018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699919)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699919/; classtype:trojan-activity;sid:84563019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699920)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/video.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699920/; classtype:trojan-activity;sid:84563020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699921)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/video.scr"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699921/; classtype:trojan-activity;sid:84563021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699922)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699922/; classtype:trojan-activity;sid:84563022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699923)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699923/; classtype:trojan-activity;sid:84563023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699916)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699916/; classtype:trojan-activity;sid:84563016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699913)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699913/; classtype:trojan-activity;sid:84563013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699914)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699914/; classtype:trojan-activity;sid:84563014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699915)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/photo.scr"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699915/; classtype:trojan-activity;sid:84563015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699909)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699909/; classtype:trojan-activity;sid:84563009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699910)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699910/; classtype:trojan-activity;sid:84563010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699911)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/photo.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699911/; classtype:trojan-activity;sid:84563011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699912)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699912/; classtype:trojan-activity;sid:84563012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699903)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699903/; classtype:trojan-activity;sid:84563003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699904/; classtype:trojan-activity;sid:84563004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699905)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699905/; classtype:trojan-activity;sid:84563005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699906)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699906/; classtype:trojan-activity;sid:84563006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699907)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.194.81.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699907/; classtype:trojan-activity;sid:84563007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699908)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/02/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699908/; classtype:trojan-activity;sid:84563008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699896)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699896/; classtype:trojan-activity;sid:84562996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699897)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699897/; classtype:trojan-activity;sid:84562997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699898)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699898/; classtype:trojan-activity;sid:84562998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699899)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699899/; classtype:trojan-activity;sid:84562999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699900)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699900/; classtype:trojan-activity;sid:84563000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699901)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699901/; classtype:trojan-activity;sid:84563001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699902)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699902/; classtype:trojan-activity;sid:84563002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699894)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699894/; classtype:trojan-activity;sid:84562994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699895)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699895/; classtype:trojan-activity;sid:84562995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699886)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699886/; classtype:trojan-activity;sid:84562986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699887)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699887/; classtype:trojan-activity;sid:84562987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699888)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699888/; classtype:trojan-activity;sid:84562988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699889)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.117.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699889/; classtype:trojan-activity;sid:84562989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699890)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699890/; classtype:trojan-activity;sid:84562990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699891)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699891/; classtype:trojan-activity;sid:84562991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699892)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699892/; classtype:trojan-activity;sid:84562992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.82.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699893/; classtype:trojan-activity;sid:84562993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699884)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699884/; classtype:trojan-activity;sid:84562984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699885)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/photo.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699885/; classtype:trojan-activity;sid:84562985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699874)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699874/; classtype:trojan-activity;sid:84562974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699875)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699875/; classtype:trojan-activity;sid:84562975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699876)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699876/; classtype:trojan-activity;sid:84562976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699877)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699877/; classtype:trojan-activity;sid:84562977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699878)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699878/; classtype:trojan-activity;sid:84562978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699879)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699879/; classtype:trojan-activity;sid:84562979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699880)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/photo.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699880/; classtype:trojan-activity;sid:84562980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699881)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/video.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699881/; classtype:trojan-activity;sid:84562981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699882)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699882/; classtype:trojan-activity;sid:84562982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699883)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699883/; classtype:trojan-activity;sid:84562983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699873)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699873/; classtype:trojan-activity;sid:84562973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699867)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699867/; classtype:trojan-activity;sid:84562967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699868)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/video.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699868/; classtype:trojan-activity;sid:84562968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699869/; classtype:trojan-activity;sid:84562969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699870)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699870/; classtype:trojan-activity;sid:84562970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699871)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699871/; classtype:trojan-activity;sid:84562971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699872)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699872/; classtype:trojan-activity;sid:84562972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699866)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699866/; classtype:trojan-activity;sid:84562966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699864)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699864/; classtype:trojan-activity;sid:84562964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699865)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699865/; classtype:trojan-activity;sid:84562965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699856)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699856/; classtype:trojan-activity;sid:84562956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699857)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699857/; classtype:trojan-activity;sid:84562957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699858/; classtype:trojan-activity;sid:84562958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699859)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699859/; classtype:trojan-activity;sid:84562959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699860)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/04/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699860/; classtype:trojan-activity;sid:84562960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699861)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699861/; classtype:trojan-activity;sid:84562961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699862)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699862/; classtype:trojan-activity;sid:84562962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699863)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699863/; classtype:trojan-activity;sid:84562963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699851)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699851/; classtype:trojan-activity;sid:84562951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699852)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/video.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699852/; classtype:trojan-activity;sid:84562952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699853)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699853/; classtype:trojan-activity;sid:84562953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699854)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699854/; classtype:trojan-activity;sid:84562954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699855)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699855/; classtype:trojan-activity;sid:84562955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699849)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/photo.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699849/; classtype:trojan-activity;sid:84562949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699850)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699850/; classtype:trojan-activity;sid:84562950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699848)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.193.68.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699848/; classtype:trojan-activity;sid:84562948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699846)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699846/; classtype:trojan-activity;sid:84562946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699847)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699847/; classtype:trojan-activity;sid:84562947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699840)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699840/; classtype:trojan-activity;sid:84562940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699841)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699841/; classtype:trojan-activity;sid:84562941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699842)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699842/; classtype:trojan-activity;sid:84562942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699843)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202510/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699843/; classtype:trojan-activity;sid:84562943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699844)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699844/; classtype:trojan-activity;sid:84562944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699845)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699845/; classtype:trojan-activity;sid:84562945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699835)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699835/; classtype:trojan-activity;sid:84562935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699836)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699836/; classtype:trojan-activity;sid:84562936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699837)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699837/; classtype:trojan-activity;sid:84562937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699838)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699838/; classtype:trojan-activity;sid:84562938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699839)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699839/; classtype:trojan-activity;sid:84562939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699833)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699833/; classtype:trojan-activity;sid:84562933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699834)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/photo.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699834/; classtype:trojan-activity;sid:84562934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699831)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699831/; classtype:trojan-activity;sid:84562931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699832)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699832/; classtype:trojan-activity;sid:84562932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699826)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699826/; classtype:trojan-activity;sid:84562926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699827)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699827/; classtype:trojan-activity;sid:84562927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699828)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/update/winnt/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699828/; classtype:trojan-activity;sid:84562928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699829)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699829/; classtype:trojan-activity;sid:84562929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699830)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699830/; classtype:trojan-activity;sid:84562930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699825)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699825/; classtype:trojan-activity;sid:84562925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699823)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699823/; classtype:trojan-activity;sid:84562923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699824)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699824/; classtype:trojan-activity;sid:84562924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699818)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699818/; classtype:trojan-activity;sid:84562918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699819)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699819/; classtype:trojan-activity;sid:84562919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699820)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699820/; classtype:trojan-activity;sid:84562920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699821)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699821/; classtype:trojan-activity;sid:84562921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699822)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699822/; classtype:trojan-activity;sid:84562922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699815)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699815/; classtype:trojan-activity;sid:84562915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699816)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699816/; classtype:trojan-activity;sid:84562916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699817)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699817/; classtype:trojan-activity;sid:84562917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699812/; classtype:trojan-activity;sid:84562912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699813)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699813/; classtype:trojan-activity;sid:84562913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699814)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699814/; classtype:trojan-activity;sid:84562914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699810)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699810/; classtype:trojan-activity;sid:84562910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699811)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699811/; classtype:trojan-activity;sid:84562911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699807)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699807/; classtype:trojan-activity;sid:84562907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699808)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699808/; classtype:trojan-activity;sid:84562908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699809)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699809/; classtype:trojan-activity;sid:84562909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699804)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699804/; classtype:trojan-activity;sid:84562904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699805)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699805/; classtype:trojan-activity;sid:84562905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699806)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699806/; classtype:trojan-activity;sid:84562906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699802)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699802/; classtype:trojan-activity;sid:84562902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699803)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699803/; classtype:trojan-activity;sid:84562903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699798)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699798/; classtype:trojan-activity;sid:84562898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699799)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699799/; classtype:trojan-activity;sid:84562899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699800)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699800/; classtype:trojan-activity;sid:84562900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699801)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.50.214.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699801/; classtype:trojan-activity;sid:84562901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699788/; classtype:trojan-activity;sid:84562888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699789)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699789/; classtype:trojan-activity;sid:84562889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699790)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699790/; classtype:trojan-activity;sid:84562890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699791)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699791/; classtype:trojan-activity;sid:84562891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699792)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699792/; classtype:trojan-activity;sid:84562892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699793)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699793/; classtype:trojan-activity;sid:84562893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699794)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699794/; classtype:trojan-activity;sid:84562894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699795)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699795/; classtype:trojan-activity;sid:84562895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699796)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699796/; classtype:trojan-activity;sid:84562896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699797)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699797/; classtype:trojan-activity;sid:84562897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699783)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699783/; classtype:trojan-activity;sid:84562883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699784)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699784/; classtype:trojan-activity;sid:84562884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699785)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699785/; classtype:trojan-activity;sid:84562885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699786)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699786/; classtype:trojan-activity;sid:84562886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699787)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699787/; classtype:trojan-activity;sid:84562887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699782)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699782/; classtype:trojan-activity;sid:84562882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699779)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/202208/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699779/; classtype:trojan-activity;sid:84562879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699780)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/zust%c3%a4nde2010/photo.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699780/; classtype:trojan-activity;sid:84562880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699781)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/docuimage/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699781/; classtype:trojan-activity;sid:84562881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699778)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699778/; classtype:trojan-activity;sid:84562878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699776)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699776/; classtype:trojan-activity;sid:84562876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699777)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699777/; classtype:trojan-activity;sid:84562877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699771)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699771/; classtype:trojan-activity;sid:84562871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699772)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699772/; classtype:trojan-activity;sid:84562872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699773)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699773/; classtype:trojan-activity;sid:84562873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699774)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/av.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699774/; classtype:trojan-activity;sid:84562874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699775)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699775/; classtype:trojan-activity;sid:84562875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699766)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699766/; classtype:trojan-activity;sid:84562866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699767)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699767/; classtype:trojan-activity;sid:84562867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699768)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699768/; classtype:trojan-activity;sid:84562868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699769)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699769/; classtype:trojan-activity;sid:84562869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699770)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699770/; classtype:trojan-activity;sid:84562870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699762)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699762/; classtype:trojan-activity;sid:84562862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699763)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699763/; classtype:trojan-activity;sid:84562863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699764)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699764/; classtype:trojan-activity;sid:84562864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699765)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699765/; classtype:trojan-activity;sid:84562865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699758)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.99.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699758/; classtype:trojan-activity;sid:84562858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699759)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699759/; classtype:trojan-activity;sid:84562859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699760)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699760/; classtype:trojan-activity;sid:84562860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699761)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699761/; classtype:trojan-activity;sid:84562861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699751)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699751/; classtype:trojan-activity;sid:84562851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699752)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699752/; classtype:trojan-activity;sid:84562852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699753)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699753/; classtype:trojan-activity;sid:84562853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699754)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699754/; classtype:trojan-activity;sid:84562854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699755)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/userimage/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699755/; classtype:trojan-activity;sid:84562855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699756/; classtype:trojan-activity;sid:84562856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699757)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699757/; classtype:trojan-activity;sid:84562857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699749)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699749/; classtype:trojan-activity;sid:84562849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699750)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/video.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699750/; classtype:trojan-activity;sid:84562850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699743)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699743/; classtype:trojan-activity;sid:84562843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699744)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699744/; classtype:trojan-activity;sid:84562844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699745)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699745/; classtype:trojan-activity;sid:84562845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699746)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699746/; classtype:trojan-activity;sid:84562846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699747)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/setup/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699747/; classtype:trojan-activity;sid:84562847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699748/; classtype:trojan-activity;sid:84562848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699739)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699739/; classtype:trojan-activity;sid:84562839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699740)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699740/; classtype:trojan-activity;sid:84562840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699741)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699741/; classtype:trojan-activity;sid:84562841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699742)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699742/; classtype:trojan-activity;sid:84562842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699735)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699735/; classtype:trojan-activity;sid:84562835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699736)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699736/; classtype:trojan-activity;sid:84562836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699737)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.204.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699737/; classtype:trojan-activity;sid:84562837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699738)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699738/; classtype:trojan-activity;sid:84562838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699732)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699732/; classtype:trojan-activity;sid:84562832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699733)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699733/; classtype:trojan-activity;sid:84562833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699734)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699734/; classtype:trojan-activity;sid:84562834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699726)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699726/; classtype:trojan-activity;sid:84562826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699727)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699727/; classtype:trojan-activity;sid:84562827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699728)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699728/; classtype:trojan-activity;sid:84562828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699729)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699729/; classtype:trojan-activity;sid:84562829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699730)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699730/; classtype:trojan-activity;sid:84562830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699731)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699731/; classtype:trojan-activity;sid:84562831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699723)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/anzug/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699723/; classtype:trojan-activity;sid:84562823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699724)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699724/; classtype:trojan-activity;sid:84562824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699725)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699725/; classtype:trojan-activity;sid:84562825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699721)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699721/; classtype:trojan-activity;sid:84562821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699722)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699722/; classtype:trojan-activity;sid:84562822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699718)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699718/; classtype:trojan-activity;sid:84562818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699719)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/photo.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699719/; classtype:trojan-activity;sid:84562819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699720)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699720/; classtype:trojan-activity;sid:84562820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699709)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699709/; classtype:trojan-activity;sid:84562809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699710)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699710/; classtype:trojan-activity;sid:84562810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699711)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699711/; classtype:trojan-activity;sid:84562811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699712)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699712/; classtype:trojan-activity;sid:84562812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699713)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699713/; classtype:trojan-activity;sid:84562813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699714)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/av.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699714/; classtype:trojan-activity;sid:84562814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699715)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699715/; classtype:trojan-activity;sid:84562815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699716)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699716/; classtype:trojan-activity;sid:84562816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699717/; classtype:trojan-activity;sid:84562817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699704)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699704/; classtype:trojan-activity;sid:84562804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699705)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699705/; classtype:trojan-activity;sid:84562805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699706)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/photo.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699706/; classtype:trojan-activity;sid:84562806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699707)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699707/; classtype:trojan-activity;sid:84562807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699708)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/av.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699708/; classtype:trojan-activity;sid:84562808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699702)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699702/; classtype:trojan-activity;sid:84562802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699703)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699703/; classtype:trojan-activity;sid:84562803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699699)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699699/; classtype:trojan-activity;sid:84562799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699700)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699700/; classtype:trojan-activity;sid:84562800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699701)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699701/; classtype:trojan-activity;sid:84562801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699697/; classtype:trojan-activity;sid:84562797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699698)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699698/; classtype:trojan-activity;sid:84562798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699692)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699692/; classtype:trojan-activity;sid:84562792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699693)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/av.scr"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699693/; classtype:trojan-activity;sid:84562793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699694)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699694/; classtype:trojan-activity;sid:84562794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699695)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699695/; classtype:trojan-activity;sid:84562795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699696)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699696/; classtype:trojan-activity;sid:84562796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699690)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699690/; classtype:trojan-activity;sid:84562790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699691)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699691/; classtype:trojan-activity;sid:84562791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699689)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699689/; classtype:trojan-activity;sid:84562789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699685)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699685/; classtype:trojan-activity;sid:84562785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699686)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699686/; classtype:trojan-activity;sid:84562786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699687)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699687/; classtype:trojan-activity;sid:84562787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699688)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699688/; classtype:trojan-activity;sid:84562788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699675)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699675/; classtype:trojan-activity;sid:84562775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699676)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699676/; classtype:trojan-activity;sid:84562776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699677)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/docuimage/video.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699677/; classtype:trojan-activity;sid:84562777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699678)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699678/; classtype:trojan-activity;sid:84562778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699679)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/av.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699679/; classtype:trojan-activity;sid:84562779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699680)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/202208/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699680/; classtype:trojan-activity;sid:84562780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699681)"; flow:established,from_client; content:"GET"; http_method; content:"/tinh_cuoc_xe/2025/thanh%20ti%c3%aan/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699681/; classtype:trojan-activity;sid:84562781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699682)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699682/; classtype:trojan-activity;sid:84562782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699683)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699683/; classtype:trojan-activity;sid:84562783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699684)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/av.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699684/; classtype:trojan-activity;sid:84562784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699674)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699674/; classtype:trojan-activity;sid:84562774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699673)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699673/; classtype:trojan-activity;sid:84562773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699671)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699671/; classtype:trojan-activity;sid:84562771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699672/; classtype:trojan-activity;sid:84562772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699666)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202509/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699666/; classtype:trojan-activity;sid:84562766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699667)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699667/; classtype:trojan-activity;sid:84562767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699668)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699668/; classtype:trojan-activity;sid:84562768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699669)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699669/; classtype:trojan-activity;sid:84562769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699670)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699670/; classtype:trojan-activity;sid:84562770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699652)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699652/; classtype:trojan-activity;sid:84562752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699653)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/av.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699653/; classtype:trojan-activity;sid:84562753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699654)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699654/; classtype:trojan-activity;sid:84562754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699655)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699655/; classtype:trojan-activity;sid:84562755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699656)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699656/; classtype:trojan-activity;sid:84562756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699657)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699657/; classtype:trojan-activity;sid:84562757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699658)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/video.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699658/; classtype:trojan-activity;sid:84562758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699659)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699659/; classtype:trojan-activity;sid:84562759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699660)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699660/; classtype:trojan-activity;sid:84562760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699661)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699661/; classtype:trojan-activity;sid:84562761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699662)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699662/; classtype:trojan-activity;sid:84562762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699663)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699663/; classtype:trojan-activity;sid:84562763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699664)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699664/; classtype:trojan-activity;sid:84562764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699665)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699665/; classtype:trojan-activity;sid:84562765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699651/; classtype:trojan-activity;sid:84562751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699649)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699649/; classtype:trojan-activity;sid:84562749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699650)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699650/; classtype:trojan-activity;sid:84562750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699646)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699646/; classtype:trojan-activity;sid:84562746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699647)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699647/; classtype:trojan-activity;sid:84562747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699648)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699648/; classtype:trojan-activity;sid:84562748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699641)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699641/; classtype:trojan-activity;sid:84562741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699642)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699642/; classtype:trojan-activity;sid:84562742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699643)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699643/; classtype:trojan-activity;sid:84562743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699644)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699644/; classtype:trojan-activity;sid:84562744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699645)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/photo.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699645/; classtype:trojan-activity;sid:84562745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699631)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699631/; classtype:trojan-activity;sid:84562731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699632)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699632/; classtype:trojan-activity;sid:84562732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699633)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699633/; classtype:trojan-activity;sid:84562733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699634)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699634/; classtype:trojan-activity;sid:84562734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699635)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699635/; classtype:trojan-activity;sid:84562735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699636)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699636/; classtype:trojan-activity;sid:84562736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699637)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699637/; classtype:trojan-activity;sid:84562737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699638)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699638/; classtype:trojan-activity;sid:84562738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699639)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699639/; classtype:trojan-activity;sid:84562739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699640)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699640/; classtype:trojan-activity;sid:84562740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699628)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699628/; classtype:trojan-activity;sid:84562728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699629)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699629/; classtype:trojan-activity;sid:84562729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699630/; classtype:trojan-activity;sid:84562730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699624)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699624/; classtype:trojan-activity;sid:84562724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699625)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699625/; classtype:trojan-activity;sid:84562725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699626)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699626/; classtype:trojan-activity;sid:84562726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699627)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699627/; classtype:trojan-activity;sid:84562727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699623)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699623/; classtype:trojan-activity;sid:84562723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699621)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/update/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699621/; classtype:trojan-activity;sid:84562721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699622)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699622/; classtype:trojan-activity;sid:84562722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699620)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699620/; classtype:trojan-activity;sid:84562720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699617)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699617/; classtype:trojan-activity;sid:84562717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699618)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699618/; classtype:trojan-activity;sid:84562718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699619)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699619/; classtype:trojan-activity;sid:84562719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699602/; classtype:trojan-activity;sid:84562702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699603)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699603/; classtype:trojan-activity;sid:84562703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699604)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/av.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699604/; classtype:trojan-activity;sid:84562704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699605)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699605/; classtype:trojan-activity;sid:84562705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699606)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699606/; classtype:trojan-activity;sid:84562706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699607)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699607/; classtype:trojan-activity;sid:84562707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699608)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699608/; classtype:trojan-activity;sid:84562708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699609)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699609/; classtype:trojan-activity;sid:84562709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699610)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/photo.scr"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699610/; classtype:trojan-activity;sid:84562710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699611)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699611/; classtype:trojan-activity;sid:84562711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699612)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/av.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699612/; classtype:trojan-activity;sid:84562712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699613)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699613/; classtype:trojan-activity;sid:84562713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699614)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699614/; classtype:trojan-activity;sid:84562714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699615)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699615/; classtype:trojan-activity;sid:84562715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699616)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/photo.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699616/; classtype:trojan-activity;sid:84562716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699599)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699599/; classtype:trojan-activity;sid:84562699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699600)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699600/; classtype:trojan-activity;sid:84562700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699601)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699601/; classtype:trojan-activity;sid:84562701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699595/; classtype:trojan-activity;sid:84562695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699596)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699596/; classtype:trojan-activity;sid:84562696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699597)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699597/; classtype:trojan-activity;sid:84562697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699598)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699598/; classtype:trojan-activity;sid:84562698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699592)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/photo.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699592/; classtype:trojan-activity;sid:84562692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699593)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699593/; classtype:trojan-activity;sid:84562693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699594/; classtype:trojan-activity;sid:84562694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699586)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699586/; classtype:trojan-activity;sid:84562686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699587)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699587/; classtype:trojan-activity;sid:84562687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699588)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699588/; classtype:trojan-activity;sid:84562688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699589)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699589/; classtype:trojan-activity;sid:84562689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699590)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/video.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699590/; classtype:trojan-activity;sid:84562690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699591)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699591/; classtype:trojan-activity;sid:84562691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699584)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699584/; classtype:trojan-activity;sid:84562684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699585)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699585/; classtype:trojan-activity;sid:84562685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699581)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699581/; classtype:trojan-activity;sid:84562681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699582)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699582/; classtype:trojan-activity;sid:84562682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699583)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699583/; classtype:trojan-activity;sid:84562683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699578)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699578/; classtype:trojan-activity;sid:84562678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699579)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699579/; classtype:trojan-activity;sid:84562679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699580)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699580/; classtype:trojan-activity;sid:84562680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699577)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699577/; classtype:trojan-activity;sid:84562677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699569)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699569/; classtype:trojan-activity;sid:84562669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699570)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/10/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699570/; classtype:trojan-activity;sid:84562670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699571)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699571/; classtype:trojan-activity;sid:84562671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699572)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/video.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699572/; classtype:trojan-activity;sid:84562672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699573)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699573/; classtype:trojan-activity;sid:84562673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699574)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699574/; classtype:trojan-activity;sid:84562674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699575)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699575/; classtype:trojan-activity;sid:84562675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699576)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699576/; classtype:trojan-activity;sid:84562676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699566)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699566/; classtype:trojan-activity;sid:84562666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699567)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699567/; classtype:trojan-activity;sid:84562667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699568)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699568/; classtype:trojan-activity;sid:84562668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699565)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/video.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699565/; classtype:trojan-activity;sid:84562665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699563)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699563/; classtype:trojan-activity;sid:84562663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699564)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699564/; classtype:trojan-activity;sid:84562664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699562)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2013/handy2013/whatsapp%20bilder/photo.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699562/; classtype:trojan-activity;sid:84562662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699560)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2011/berlin/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699560/; classtype:trojan-activity;sid:84562660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699561)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699561/; classtype:trojan-activity;sid:84562661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699559)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699559/; classtype:trojan-activity;sid:84562659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699556)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699556/; classtype:trojan-activity;sid:84562656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699557)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699557/; classtype:trojan-activity;sid:84562657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699558)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699558/; classtype:trojan-activity;sid:84562658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699547)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699547/; classtype:trojan-activity;sid:84562647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699548)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699548/; classtype:trojan-activity;sid:84562648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699549)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699549/; classtype:trojan-activity;sid:84562649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699550)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699550/; classtype:trojan-activity;sid:84562650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699551)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699551/; classtype:trojan-activity;sid:84562651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699552)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699552/; classtype:trojan-activity;sid:84562652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699553)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699553/; classtype:trojan-activity;sid:84562653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699554)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699554/; classtype:trojan-activity;sid:84562654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699555)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699555/; classtype:trojan-activity;sid:84562655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699544)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699544/; classtype:trojan-activity;sid:84562644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699545)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699545/; classtype:trojan-activity;sid:84562645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699546)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699546/; classtype:trojan-activity;sid:84562646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699543)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699543/; classtype:trojan-activity;sid:84562643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699540)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699540/; classtype:trojan-activity;sid:84562640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699541)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699541/; classtype:trojan-activity;sid:84562641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699542)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699542/; classtype:trojan-activity;sid:84562642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699538)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699538/; classtype:trojan-activity;sid:84562638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699539)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699539/; classtype:trojan-activity;sid:84562639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699528)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699528/; classtype:trojan-activity;sid:84562628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699529)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699529/; classtype:trojan-activity;sid:84562629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699530)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699530/; classtype:trojan-activity;sid:84562630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699531)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/av.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699531/; classtype:trojan-activity;sid:84562631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699532)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699532/; classtype:trojan-activity;sid:84562632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699533)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699533/; classtype:trojan-activity;sid:84562633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699534)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699534/; classtype:trojan-activity;sid:84562634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699535)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/av.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699535/; classtype:trojan-activity;sid:84562635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699536)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699536/; classtype:trojan-activity;sid:84562636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699537)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699537/; classtype:trojan-activity;sid:84562637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699525)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699525/; classtype:trojan-activity;sid:84562625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699526)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699526/; classtype:trojan-activity;sid:84562626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699527)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/video.scr"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699527/; classtype:trojan-activity;sid:84562627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699521)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/09/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699521/; classtype:trojan-activity;sid:84562621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699522)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699522/; classtype:trojan-activity;sid:84562622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699523)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699523/; classtype:trojan-activity;sid:84562623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699524)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699524/; classtype:trojan-activity;sid:84562624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699518)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699518/; classtype:trojan-activity;sid:84562618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699519)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699519/; classtype:trojan-activity;sid:84562619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699520)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699520/; classtype:trojan-activity;sid:84562620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699513)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699513/; classtype:trojan-activity;sid:84562613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699514)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699514/; classtype:trojan-activity;sid:84562614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699515)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699515/; classtype:trojan-activity;sid:84562615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699516)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699516/; classtype:trojan-activity;sid:84562616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699517)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/anh%c3%a4nger/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699517/; classtype:trojan-activity;sid:84562617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699506)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699506/; classtype:trojan-activity;sid:84562606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699507)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699507/; classtype:trojan-activity;sid:84562607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699508)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699508/; classtype:trojan-activity;sid:84562608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699509)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699509/; classtype:trojan-activity;sid:84562609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699510)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699510/; classtype:trojan-activity;sid:84562610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699511)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699511/; classtype:trojan-activity;sid:84562611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699512)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699512/; classtype:trojan-activity;sid:84562612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699501)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699501/; classtype:trojan-activity;sid:84562601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699502)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.16.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699502/; classtype:trojan-activity;sid:84562602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699503)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699503/; classtype:trojan-activity;sid:84562603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699504)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/video.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699504/; classtype:trojan-activity;sid:84562604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699505)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699505/; classtype:trojan-activity;sid:84562605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699499)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699499/; classtype:trojan-activity;sid:84562599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699500)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/09/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699500/; classtype:trojan-activity;sid:84562600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699498)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699498/; classtype:trojan-activity;sid:84562598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699496)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699496/; classtype:trojan-activity;sid:84562596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699497)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.99.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699497/; classtype:trojan-activity;sid:84562597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699495)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.138.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699495/; classtype:trojan-activity;sid:84562595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699493)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2011/collagen/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699493/; classtype:trojan-activity;sid:84562593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699494)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699494/; classtype:trojan-activity;sid:84562594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699484)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699484/; classtype:trojan-activity;sid:84562584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699485)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699485/; classtype:trojan-activity;sid:84562585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699486)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699486/; classtype:trojan-activity;sid:84562586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699487)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699487/; classtype:trojan-activity;sid:84562587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699488)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699488/; classtype:trojan-activity;sid:84562588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699489)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699489/; classtype:trojan-activity;sid:84562589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699490)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699490/; classtype:trojan-activity;sid:84562590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699491)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699491/; classtype:trojan-activity;sid:84562591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699492)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699492/; classtype:trojan-activity;sid:84562592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699482)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699482/; classtype:trojan-activity;sid:84562582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699483)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699483/; classtype:trojan-activity;sid:84562583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699475)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/11/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699475/; classtype:trojan-activity;sid:84562575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699476)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699476/; classtype:trojan-activity;sid:84562576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699477)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699477/; classtype:trojan-activity;sid:84562577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699478)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699478/; classtype:trojan-activity;sid:84562578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699479)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699479/; classtype:trojan-activity;sid:84562579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699480)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699480/; classtype:trojan-activity;sid:84562580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699481)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699481/; classtype:trojan-activity;sid:84562581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699474)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/av.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699474/; classtype:trojan-activity;sid:84562574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699467)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699467/; classtype:trojan-activity;sid:84562567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699468)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699468/; classtype:trojan-activity;sid:84562568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699469)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699469/; classtype:trojan-activity;sid:84562569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699470)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699470/; classtype:trojan-activity;sid:84562570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699471)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699471/; classtype:trojan-activity;sid:84562571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699472)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.56.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699472/; classtype:trojan-activity;sid:84562572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699473)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699473/; classtype:trojan-activity;sid:84562573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699455)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699455/; classtype:trojan-activity;sid:84562555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699456)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699456/; classtype:trojan-activity;sid:84562556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699457)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699457/; classtype:trojan-activity;sid:84562557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699458)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699458/; classtype:trojan-activity;sid:84562558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699459)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699459/; classtype:trojan-activity;sid:84562559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699460)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699460/; classtype:trojan-activity;sid:84562560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699461)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699461/; classtype:trojan-activity;sid:84562561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699462)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699462/; classtype:trojan-activity;sid:84562562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699463)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699463/; classtype:trojan-activity;sid:84562563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699464)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699464/; classtype:trojan-activity;sid:84562564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699465)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/av.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699465/; classtype:trojan-activity;sid:84562565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699466)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699466/; classtype:trojan-activity;sid:84562566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699449)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699449/; classtype:trojan-activity;sid:84562549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699450)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699450/; classtype:trojan-activity;sid:84562550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699451)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699451/; classtype:trojan-activity;sid:84562551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699452)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699452/; classtype:trojan-activity;sid:84562552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699453)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699453/; classtype:trojan-activity;sid:84562553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699454)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699454/; classtype:trojan-activity;sid:84562554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699448)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2011/t%c3%bcrkei2011/photo.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699448/; classtype:trojan-activity;sid:84562548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699447/; classtype:trojan-activity;sid:84562547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699446)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/photo.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699446/; classtype:trojan-activity;sid:84562546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699445)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699445/; classtype:trojan-activity;sid:84562545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699433)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699433/; classtype:trojan-activity;sid:84562533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699434)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699434/; classtype:trojan-activity;sid:84562534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699435)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699435/; classtype:trojan-activity;sid:84562535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699436)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699436/; classtype:trojan-activity;sid:84562536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699437)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699437/; classtype:trojan-activity;sid:84562537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699438)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699438/; classtype:trojan-activity;sid:84562538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699439)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.5.119"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699439/; classtype:trojan-activity;sid:84562539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699440)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699440/; classtype:trojan-activity;sid:84562540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699441)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699441/; classtype:trojan-activity;sid:84562541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699442)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699442/; classtype:trojan-activity;sid:84562542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699443)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699443/; classtype:trojan-activity;sid:84562543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699444)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699444/; classtype:trojan-activity;sid:84562544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699427)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699427/; classtype:trojan-activity;sid:84562527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699428)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699428/; classtype:trojan-activity;sid:84562528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699429)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699429/; classtype:trojan-activity;sid:84562529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699430)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/av.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699430/; classtype:trojan-activity;sid:84562530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699431)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699431/; classtype:trojan-activity;sid:84562531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699432)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699432/; classtype:trojan-activity;sid:84562532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699424)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699424/; classtype:trojan-activity;sid:84562524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699425)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699425/; classtype:trojan-activity;sid:84562525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699426)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699426/; classtype:trojan-activity;sid:84562526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699422)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699422/; classtype:trojan-activity;sid:84562522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699423)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699423/; classtype:trojan-activity;sid:84562523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699421)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699421/; classtype:trojan-activity;sid:84562521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699419)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699419/; classtype:trojan-activity;sid:84562519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699420/; classtype:trojan-activity;sid:84562520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699415)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699415/; classtype:trojan-activity;sid:84562515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699416)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699416/; classtype:trojan-activity;sid:84562516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699417)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699417/; classtype:trojan-activity;sid:84562517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699418)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/video.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699418/; classtype:trojan-activity;sid:84562518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699410)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699410/; classtype:trojan-activity;sid:84562510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699411)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699411/; classtype:trojan-activity;sid:84562511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699412)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699412/; classtype:trojan-activity;sid:84562512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699413)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699413/; classtype:trojan-activity;sid:84562513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699414)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699414/; classtype:trojan-activity;sid:84562514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699406)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699406/; classtype:trojan-activity;sid:84562506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699407)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699407/; classtype:trojan-activity;sid:84562507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699408)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699408/; classtype:trojan-activity;sid:84562508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699409)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699409/; classtype:trojan-activity;sid:84562509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699399)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/video.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699399/; classtype:trojan-activity;sid:84562499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699400)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699400/; classtype:trojan-activity;sid:84562500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699401)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699401/; classtype:trojan-activity;sid:84562501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699402)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699402/; classtype:trojan-activity;sid:84562502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699403)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699403/; classtype:trojan-activity;sid:84562503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699404)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/bk/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699404/; classtype:trojan-activity;sid:84562504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699405)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699405/; classtype:trojan-activity;sid:84562505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699397)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699397/; classtype:trojan-activity;sid:84562497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699398)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699398/; classtype:trojan-activity;sid:84562498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699395)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/photo.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699395/; classtype:trojan-activity;sid:84562495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699396)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699396/; classtype:trojan-activity;sid:84562496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699393)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699393/; classtype:trojan-activity;sid:84562493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699394)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.194.81.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699394/; classtype:trojan-activity;sid:84562494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699391)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699391/; classtype:trojan-activity;sid:84562491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699392)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699392/; classtype:trojan-activity;sid:84562492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699380)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699380/; classtype:trojan-activity;sid:84562480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699381)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699381/; classtype:trojan-activity;sid:84562481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699382)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699382/; classtype:trojan-activity;sid:84562482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699383)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699383/; classtype:trojan-activity;sid:84562483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699384)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699384/; classtype:trojan-activity;sid:84562484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699385)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699385/; classtype:trojan-activity;sid:84562485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699386)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699386/; classtype:trojan-activity;sid:84562486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699387)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699387/; classtype:trojan-activity;sid:84562487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699388)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699388/; classtype:trojan-activity;sid:84562488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699389)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699389/; classtype:trojan-activity;sid:84562489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699390)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699390/; classtype:trojan-activity;sid:84562490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699371)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/05/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699371/; classtype:trojan-activity;sid:84562471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699372)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699372/; classtype:trojan-activity;sid:84562472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699373)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699373/; classtype:trojan-activity;sid:84562473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699374)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699374/; classtype:trojan-activity;sid:84562474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699375)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699375/; classtype:trojan-activity;sid:84562475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699376)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699376/; classtype:trojan-activity;sid:84562476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699377)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699377/; classtype:trojan-activity;sid:84562477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699378)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699378/; classtype:trojan-activity;sid:84562478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699379)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699379/; classtype:trojan-activity;sid:84562479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699370)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted_guardfile.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.115.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699370/; classtype:trojan-activity;sid:84562470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.122.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699369/; classtype:trojan-activity;sid:84562469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.26.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699368/; classtype:trojan-activity;sid:84562468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699367/; classtype:trojan-activity;sid:84562467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699366)"; flow:established,from_client; content:"GET"; http_method; content:"/9jkxaoby"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"feuer.emberkranz.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699366/; classtype:trojan-activity;sid:84562466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.29.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699365/; classtype:trojan-activity;sid:84562465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.198.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699364/; classtype:trojan-activity;sid:84562464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699363)"; flow:established,from_client; content:"GET"; http_method; content:"/eb0us0xz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spark.flintwerder.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699363/; classtype:trojan-activity;sid:84562463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.247.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699362/; classtype:trojan-activity;sid:84562462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.93.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699361/; classtype:trojan-activity;sid:84562461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.206.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699360/; classtype:trojan-activity;sid:84562460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.94.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699359/; classtype:trojan-activity;sid:84562459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699358/; classtype:trojan-activity;sid:84562458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699357)"; flow:established,from_client; content:"GET"; http_method; content:"/bpv5rl0x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stein.flintwerder.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699357/; classtype:trojan-activity;sid:84562457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.110.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699356/; classtype:trojan-activity;sid:84562456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.186.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699355/; classtype:trojan-activity;sid:84562455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699354/; classtype:trojan-activity;sid:84562454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699352/; classtype:trojan-activity;sid:84562452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.212.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699353/; classtype:trojan-activity;sid:84562453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699351)"; flow:established,from_client; content:"GET"; http_method; content:"/ke9a0rea"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pfad.zirconweg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699351/; classtype:trojan-activity;sid:84562451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.77.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699350/; classtype:trojan-activity;sid:84562450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699349/; classtype:trojan-activity;sid:84562449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699348)"; flow:established,from_client; content:"GET"; http_method; content:"/go0zsgvg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grat.citrinewald.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699348/; classtype:trojan-activity;sid:84562448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699347/; classtype:trojan-activity;sid:84562447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699346)"; flow:established,from_client; content:"GET"; http_method; content:"/0hswntbr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"licht.citrinewald.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699346/; classtype:trojan-activity;sid:84562446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699344/; classtype:trojan-activity;sid:84562444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.167.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699345/; classtype:trojan-activity;sid:84562445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.212.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699343/; classtype:trojan-activity;sid:84562443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.246.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699342/; classtype:trojan-activity;sid:84562442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699338)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699338/; classtype:trojan-activity;sid:84562438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699339)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699339/; classtype:trojan-activity;sid:84562439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699340)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699340/; classtype:trojan-activity;sid:84562440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699341)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699341/; classtype:trojan-activity;sid:84562441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.77.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699337/; classtype:trojan-activity;sid:84562437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699336)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699336/; classtype:trojan-activity;sid:84562436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699335)"; flow:established,from_client; content:"GET"; http_method; content:"/sh81vyks"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"amber.citrinewald.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699335/; classtype:trojan-activity;sid:84562435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.78.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699334/; classtype:trojan-activity;sid:84562434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.85.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699333/; classtype:trojan-activity;sid:84562433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.172.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699332/; classtype:trojan-activity;sid:84562432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.6.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699331/; classtype:trojan-activity;sid:84562431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699330/; classtype:trojan-activity;sid:84562430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699329)"; flow:established,from_client; content:"GET"; http_method; content:"/o1yz81kj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rune.jasperhain.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699329/; classtype:trojan-activity;sid:84562429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.167.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699328/; classtype:trojan-activity;sid:84562428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699327)"; flow:established,from_client; content:"GET"; http_method; content:"/7ey5ni4q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.jasperhain.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699327/; classtype:trojan-activity;sid:84562427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.246.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699326/; classtype:trojan-activity;sid:84562426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.68.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699325/; classtype:trojan-activity;sid:84562425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.124.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699324/; classtype:trojan-activity;sid:84562424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699323/; classtype:trojan-activity;sid:84562423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.152.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699322/; classtype:trojan-activity;sid:84562422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.47.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699321/; classtype:trojan-activity;sid:84562421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699320)"; flow:established,from_client; content:"GET"; http_method; content:"/wiwam7w1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"raum.rubyraum.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699320/; classtype:trojan-activity;sid:84562420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.72.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699319/; classtype:trojan-activity;sid:84562419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.126.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699318/; classtype:trojan-activity;sid:84562418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699317)"; flow:established,from_client; content:"GET"; http_method; content:"/ogjbgw8x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ruby.rubyraum.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699317/; classtype:trojan-activity;sid:84562417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.152.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699316/; classtype:trojan-activity;sid:84562416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699315)"; flow:established,from_client; content:"GET"; http_method; content:"/owpvpwiu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gruen.jadeecke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699315/; classtype:trojan-activity;sid:84562415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699314)"; flow:established,from_client; content:"GET"; http_method; content:"/9l2hf9nq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ecke.jadeecke.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699314/; classtype:trojan-activity;sid:84562414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.124.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699313/; classtype:trojan-activity;sid:84562413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699312)"; flow:established,from_client; content:"GET"; http_method; content:"/y3acdabb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jade.jadeecke.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699312/; classtype:trojan-activity;sid:84562412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.224.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699311/; classtype:trojan-activity;sid:84562411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.47.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699310/; classtype:trojan-activity;sid:84562410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699309)"; flow:established,from_client; content:"GET"; http_method; content:"/1joe84jp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wind.hawkmast.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699309/; classtype:trojan-activity;sid:84562409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.247.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699308/; classtype:trojan-activity;sid:84562408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699307)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.246.109.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699307/; classtype:trojan-activity;sid:84562407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.53.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699306/; classtype:trojan-activity;sid:84562406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.63.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699305/; classtype:trojan-activity;sid:84562405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.130.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699304/; classtype:trojan-activity;sid:84562404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.83.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699303/; classtype:trojan-activity;sid:84562403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699302/; classtype:trojan-activity;sid:84562402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.47.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699301/; classtype:trojan-activity;sid:84562401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699300)"; flow:established,from_client; content:"GET"; http_method; content:"/yy6jhe7f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0er.owlflug.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699300/; classtype:trojan-activity;sid:84562400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.199.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699299/; classtype:trojan-activity;sid:84562399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.63.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699298/; classtype:trojan-activity;sid:84562398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.130.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699297/; classtype:trojan-activity;sid:84562397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.48.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699296/; classtype:trojan-activity;sid:84562396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.53.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699295/; classtype:trojan-activity;sid:84562395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.175.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699294/; classtype:trojan-activity;sid:84562394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.191.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699293/; classtype:trojan-activity;sid:84562393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699292)"; flow:established,from_client; content:"GET"; http_method; content:"/h6yfzjcw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.heronturm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699292/; classtype:trojan-activity;sid:84562392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.48.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699291/; classtype:trojan-activity;sid:84562391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699290/; classtype:trojan-activity;sid:84562390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.173.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699289/; classtype:trojan-activity;sid:84562389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.121.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699288/; classtype:trojan-activity;sid:84562388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699287/; classtype:trojan-activity;sid:84562387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.182.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699286/; classtype:trojan-activity;sid:84562386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.115.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699285/; classtype:trojan-activity;sid:84562385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.175.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699284/; classtype:trojan-activity;sid:84562384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699283)"; flow:established,from_client; content:"GET"; http_method; content:"/ai18js1b"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"schiff.pumaschiff.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699283/; classtype:trojan-activity;sid:84562383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699282/; classtype:trojan-activity;sid:84562382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699281)"; flow:established,from_client; content:"GET"; http_method; content:"/td44cy8s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"claw.tigerzaun.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699281/; classtype:trojan-activity;sid:84562381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.194.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699280/; classtype:trojan-activity;sid:84562380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.121.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699279/; classtype:trojan-activity;sid:84562379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699270)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699270/; classtype:trojan-activity;sid:84562370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699271)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699271/; classtype:trojan-activity;sid:84562371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699272)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699272/; classtype:trojan-activity;sid:84562372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699273)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699273/; classtype:trojan-activity;sid:84562373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699274)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699274/; classtype:trojan-activity;sid:84562374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699275)"; flow:established,from_client; content:"GET"; http_method; content:"/ipcam.goahead-rep.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699275/; classtype:trojan-activity;sid:84562375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699276)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.jaws.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699276/; classtype:trojan-activity;sid:84562376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699277)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699277/; classtype:trojan-activity;sid:84562377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699278)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699278/; classtype:trojan-activity;sid:84562378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699269)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.tvt-rep.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699269/; classtype:trojan-activity;sid:84562369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699266)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.lilin-rep.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699266/; classtype:trojan-activity;sid:84562366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699267)"; flow:established,from_client; content:"GET"; http_method; content:"/router.lblink-rep.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699267/; classtype:trojan-activity;sid:84562367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699268)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699268/; classtype:trojan-activity;sid:84562368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699265)"; flow:established,from_client; content:"GET"; http_method; content:"/hlryqtcq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zaun.tigerzaun.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699265/; classtype:trojan-activity;sid:84562365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.194.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699264/; classtype:trojan-activity;sid:84562364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.182.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699263/; classtype:trojan-activity;sid:84562363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.155.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699261/; classtype:trojan-activity;sid:84562361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699262/; classtype:trojan-activity;sid:84562362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.50.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699260/; classtype:trojan-activity;sid:84562360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699259)"; flow:established,from_client; content:"GET"; http_method; content:"/ncgq3k2q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tiger.tigerzaun.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699259/; classtype:trojan-activity;sid:84562359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.173.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699258/; classtype:trojan-activity;sid:84562358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.232.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699257/; classtype:trojan-activity;sid:84562357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.132.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699256/; classtype:trojan-activity;sid:84562356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.218.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699254/; classtype:trojan-activity;sid:84562354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699255/; classtype:trojan-activity;sid:84562355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699253)"; flow:established,from_client; content:"GET"; http_method; content:"/jvrp3w4w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zeit.cranezeit.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699253/; classtype:trojan-activity;sid:84562353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.188.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699252/; classtype:trojan-activity;sid:84562352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.155.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699251/; classtype:trojan-activity;sid:84562351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.106.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699250/; classtype:trojan-activity;sid:84562350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699249)"; flow:established,from_client; content:"GET"; http_method; content:"/b3"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699249/; classtype:trojan-activity;sid:84562349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.58.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699248/; classtype:trojan-activity;sid:84562348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699247/; classtype:trojan-activity;sid:84562347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.188.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699246/; classtype:trojan-activity;sid:84562346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699245)"; flow:established,from_client; content:"GET"; http_method; content:"/kpxajo1x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolke.cloudkreis.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699245/; classtype:trojan-activity;sid:84562345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699240)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699240/; classtype:trojan-activity;sid:84562340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699241)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699241/; classtype:trojan-activity;sid:84562341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699242)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699242/; classtype:trojan-activity;sid:84562342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699243)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699243/; classtype:trojan-activity;sid:84562343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699244)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699244/; classtype:trojan-activity;sid:84562344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699235)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699235/; classtype:trojan-activity;sid:84562335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699236)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699236/; classtype:trojan-activity;sid:84562336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699237)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699237/; classtype:trojan-activity;sid:84562337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699238)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699238/; classtype:trojan-activity;sid:84562338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699239)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699239/; classtype:trojan-activity;sid:84562339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699230)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699230/; classtype:trojan-activity;sid:84562330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699231)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699231/; classtype:trojan-activity;sid:84562331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699232)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699232/; classtype:trojan-activity;sid:84562332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699233)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699233/; classtype:trojan-activity;sid:84562333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699234)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699234/; classtype:trojan-activity;sid:84562334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.75.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699229/; classtype:trojan-activity;sid:84562329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.218.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699228/; classtype:trojan-activity;sid:84562328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699226/; classtype:trojan-activity;sid:84562326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.132.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699227/; classtype:trojan-activity;sid:84562327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.106.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699225/; classtype:trojan-activity;sid:84562325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.124.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699224/; classtype:trojan-activity;sid:84562324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.109.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699223/; classtype:trojan-activity;sid:84562323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699222)"; flow:established,from_client; content:"GET"; http_method; content:"/5wcp9zlz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cloud.cloudkreis.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699222/; classtype:trojan-activity;sid:84562322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.75.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699221/; classtype:trojan-activity;sid:84562321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699220)"; flow:established,from_client; content:"GET"; http_method; content:"/yc5cwobj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rad.rainrad.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699220/; classtype:trojan-activity;sid:84562320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699219/; classtype:trojan-activity;sid:84562319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.124.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699218/; classtype:trojan-activity;sid:84562318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.222.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699217/; classtype:trojan-activity;sid:84562317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.87.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699216/; classtype:trojan-activity;sid:84562316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699215/; classtype:trojan-activity;sid:84562315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.0.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699214/; classtype:trojan-activity;sid:84562314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.251.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699213/; classtype:trojan-activity;sid:84562313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.235.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699212/; classtype:trojan-activity;sid:84562312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699211/; classtype:trojan-activity;sid:84562311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699210)"; flow:established,from_client; content:"GET"; http_method; content:"/b4xcsunm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"weg.otterweg.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699210/; classtype:trojan-activity;sid:84562310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699209/; classtype:trojan-activity;sid:84562309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.98.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699208/; classtype:trojan-activity;sid:84562308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699207)"; flow:established,from_client; content:"GET"; http_method; content:"/j0yfvhmy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"otter.otterweg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699207/; classtype:trojan-activity;sid:84562307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.87.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699206/; classtype:trojan-activity;sid:84562306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.108.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699205/; classtype:trojan-activity;sid:84562305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699204/; classtype:trojan-activity;sid:84562304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.251.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699203/; classtype:trojan-activity;sid:84562303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.235.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699202/; classtype:trojan-activity;sid:84562302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.66.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699201/; classtype:trojan-activity;sid:84562301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699200/; classtype:trojan-activity;sid:84562300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.182.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699199/; classtype:trojan-activity;sid:84562299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699198/; classtype:trojan-activity;sid:84562298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.164.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699197/; classtype:trojan-activity;sid:84562297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699196/; classtype:trojan-activity;sid:84562296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.17.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699195/; classtype:trojan-activity;sid:84562295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.108.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699194/; classtype:trojan-activity;sid:84562294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699193/; classtype:trojan-activity;sid:84562293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699192/; classtype:trojan-activity;sid:84562292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.234.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699191/; classtype:trojan-activity;sid:84562291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.222.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699190/; classtype:trojan-activity;sid:84562290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699189)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/wwae789.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699189/; classtype:trojan-activity;sid:84562289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699188/; classtype:trojan-activity;sid:84562288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.182.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699187/; classtype:trojan-activity;sid:84562287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699186)"; flow:established,from_client; content:"GET"; http_method; content:"/e5a5yll8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"feld.harewinkel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699186/; classtype:trojan-activity;sid:84562286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699185/; classtype:trojan-activity;sid:84562285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.78.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699184/; classtype:trojan-activity;sid:84562284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.164.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699183/; classtype:trojan-activity;sid:84562283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.164.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699182/; classtype:trojan-activity;sid:84562282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699181)"; flow:established,from_client; content:"GET"; http_method; content:"/9rzq58a5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"winkel.harewinkel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699181/; classtype:trojan-activity;sid:84562281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.222.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699180/; classtype:trojan-activity;sid:84562280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699179)"; flow:established,from_client; content:"GET"; http_method; content:"/24lxa1im"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hare.harewinkel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699179/; classtype:trojan-activity;sid:84562279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.173.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699178/; classtype:trojan-activity;sid:84562278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.206.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699177/; classtype:trojan-activity;sid:84562277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.234.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699176/; classtype:trojan-activity;sid:84562276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699175/; classtype:trojan-activity;sid:84562275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699174)"; flow:established,from_client; content:"GET"; http_method; content:"/fsvprq1h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wald.martenhain.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699174/; classtype:trojan-activity;sid:84562274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699173)"; flow:established,from_client; content:"GET"; http_method; content:"/zcqa8b0c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hain.martenhain.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699173/; classtype:trojan-activity;sid:84562273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.28.230.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699172/; classtype:trojan-activity;sid:84562272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.110.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699171/; classtype:trojan-activity;sid:84562271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.181.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699170/; classtype:trojan-activity;sid:84562270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.68.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699169/; classtype:trojan-activity;sid:84562269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699168/; classtype:trojan-activity;sid:84562268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.206.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699167/; classtype:trojan-activity;sid:84562267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699166/; classtype:trojan-activity;sid:84562266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.28.230.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699165/; classtype:trojan-activity;sid:84562265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.72.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699164/; classtype:trojan-activity;sid:84562264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.68.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699163/; classtype:trojan-activity;sid:84562263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699162/; classtype:trojan-activity;sid:84562262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.9.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699161/; classtype:trojan-activity;sid:84562261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699160/; classtype:trojan-activity;sid:84562260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699159)"; flow:established,from_client; content:"GET"; http_method; content:"/5e1krcap"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"peak.eaglekrone.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699159/; classtype:trojan-activity;sid:84562259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.117.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699158/; classtype:trojan-activity;sid:84562258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699157/; classtype:trojan-activity;sid:84562257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.158.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699156/; classtype:trojan-activity;sid:84562256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.57.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699155/; classtype:trojan-activity;sid:84562255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.185.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699154/; classtype:trojan-activity;sid:84562254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699153/; classtype:trojan-activity;sid:84562253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.117.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699152/; classtype:trojan-activity;sid:84562252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.116.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699151/; classtype:trojan-activity;sid:84562251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.9.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699150/; classtype:trojan-activity;sid:84562250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699149/; classtype:trojan-activity;sid:84562249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699148)"; flow:established,from_client; content:"GET"; http_method; content:"/tzdii2vm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wren.wrenhafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699148/; classtype:trojan-activity;sid:84562248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.83.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699147/; classtype:trojan-activity;sid:84562247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699145/; classtype:trojan-activity;sid:84562245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.191.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699146/; classtype:trojan-activity;sid:84562246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699144)"; flow:established,from_client; content:"GET"; http_method; content:"/815iq1kj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wild.boargrund.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699144/; classtype:trojan-activity;sid:84562244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699141/; classtype:trojan-activity;sid:84562241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.77.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699142/; classtype:trojan-activity;sid:84562242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699143/; classtype:trojan-activity;sid:84562243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.116.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699140/; classtype:trojan-activity;sid:84562240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.158.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699139/; classtype:trojan-activity;sid:84562239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.35.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699138/; classtype:trojan-activity;sid:84562238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.136.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699135/; classtype:trojan-activity;sid:84562235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.21.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699136/; classtype:trojan-activity;sid:84562236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.8.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699137/; classtype:trojan-activity;sid:84562237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.123.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699134/; classtype:trojan-activity;sid:84562234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699133)"; flow:established,from_client; content:"GET"; http_method; content:"/fpfbz5gh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heath.beechmoor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699133/; classtype:trojan-activity;sid:84562233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699132/; classtype:trojan-activity;sid:84562232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699131/; classtype:trojan-activity;sid:84562231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699130/; classtype:trojan-activity;sid:84562230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699129/; classtype:trojan-activity;sid:84562229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.136.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699128/; classtype:trojan-activity;sid:84562228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699127)"; flow:established,from_client; content:"GET"; http_method; content:"/1w2w.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"virtvan.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699127/; classtype:trojan-activity;sid:84562227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699126)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"virtvan.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699126/; classtype:trojan-activity;sid:84562226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699125)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting/windows/invite.php"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mine.teknikbayi.com.tr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699125/; classtype:trojan-activity;sid:84562225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699123/; classtype:trojan-activity;sid:84562223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.177.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699124/; classtype:trojan-activity;sid:84562224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699122)"; flow:established,from_client; content:"GET"; http_method; content:"/0any6gop"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fluss.nickelweide.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699122/; classtype:trojan-activity;sid:84562222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699121/; classtype:trojan-activity;sid:84562221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699120/; classtype:trojan-activity;sid:84562220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699119/; classtype:trojan-activity;sid:84562219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699118/; classtype:trojan-activity;sid:84562218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699117/; classtype:trojan-activity;sid:84562217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699116)"; flow:established,from_client; content:"GET"; http_method; content:"/qix7ft79"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4q.rubyraum.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699116/; classtype:trojan-activity;sid:84562216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.123.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699115/; classtype:trojan-activity;sid:84562215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699114)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6306648329/qri0ssa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699114/; classtype:trojan-activity;sid:84562214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.59.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699113/; classtype:trojan-activity;sid:84562213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699112/; classtype:trojan-activity;sid:84562212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.148.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699111/; classtype:trojan-activity;sid:84562211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699110)"; flow:established,from_client; content:"GET"; http_method; content:"/soda7rav"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"frost.icylotus.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699110/; classtype:trojan-activity;sid:84562210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699109)"; flow:established,from_client; content:"GET"; http_method; content:"/f8ci831a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"weave.m00nweaver.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699109/; classtype:trojan-activity;sid:84562209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699108/; classtype:trojan-activity;sid:84562208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.253.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699107/; classtype:trojan-activity;sid:84562207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.103.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699106/; classtype:trojan-activity;sid:84562206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.223.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699104/; classtype:trojan-activity;sid:84562204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.4.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699105/; classtype:trojan-activity;sid:84562205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699103/; classtype:trojan-activity;sid:84562203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699102)"; flow:established,from_client; content:"GET"; http_method; content:"/bg4b5hu1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mist.1ittleriver.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699102/; classtype:trojan-activity;sid:84562202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.126.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699101/; classtype:trojan-activity;sid:84562201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.139.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699100/; classtype:trojan-activity;sid:84562200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699099)"; flow:established,from_client; content:"GET"; http_method; content:"/8oyfahbf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stern.1ittleriver.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699099/; classtype:trojan-activity;sid:84562199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.233.83.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699098/; classtype:trojan-activity;sid:84562198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.108.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699097/; classtype:trojan-activity;sid:84562197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.103.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699096/; classtype:trojan-activity;sid:84562196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699095)"; flow:established,from_client; content:"GET"; http_method; content:"/y1qw246a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fluss.1ittleriver.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699095/; classtype:trojan-activity;sid:84562195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.21.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699094/; classtype:trojan-activity;sid:84562194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.212.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699093/; classtype:trojan-activity;sid:84562193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.39.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699092/; classtype:trojan-activity;sid:84562192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699091)"; flow:established,from_client; content:"GET"; http_method; content:"/xrcophuy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"oak.1ittleriver.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699091/; classtype:trojan-activity;sid:84562191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.126.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699090/; classtype:trojan-activity;sid:84562190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.129.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699089/; classtype:trojan-activity;sid:84562189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.233.83.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699088/; classtype:trojan-activity;sid:84562188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.248.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699087/; classtype:trojan-activity;sid:84562187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.212.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699086/; classtype:trojan-activity;sid:84562186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.47.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699085/; classtype:trojan-activity;sid:84562185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.77.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699084/; classtype:trojan-activity;sid:84562184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.248.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699083/; classtype:trojan-activity;sid:84562183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.39.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699082/; classtype:trojan-activity;sid:84562182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.74.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699081/; classtype:trojan-activity;sid:84562181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699080)"; flow:established,from_client; content:"GET"; http_method; content:"/il0hbl7p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"copperwerft.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699080/; classtype:trojan-activity;sid:84562180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699079)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699079/; classtype:trojan-activity;sid:84562179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699077)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.13.175.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699077/; classtype:trojan-activity;sid:84562177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699078)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.53.36.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699078/; classtype:trojan-activity;sid:84562178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.78.218.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699076/; classtype:trojan-activity;sid:84562176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.225.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699075/; classtype:trojan-activity;sid:84562175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.7.157.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699070/; classtype:trojan-activity;sid:84562170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699071/; classtype:trojan-activity;sid:84562171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.74.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699072/; classtype:trojan-activity;sid:84562172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.237.78.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699073/; classtype:trojan-activity;sid:84562173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.4.215.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699074/; classtype:trojan-activity;sid:84562174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.49.210.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699068/; classtype:trojan-activity;sid:84562168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.147.66.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699069/; classtype:trojan-activity;sid:84562169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.7.129.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699067/; classtype:trojan-activity;sid:84562167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699065)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.147.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699065/; classtype:trojan-activity;sid:84562165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699066)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.174.217.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699066/; classtype:trojan-activity;sid:84562166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699059)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.128.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699059/; classtype:trojan-activity;sid:84562159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699060)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699060/; classtype:trojan-activity;sid:84562160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699061)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699061/; classtype:trojan-activity;sid:84562161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699062)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.104.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699062/; classtype:trojan-activity;sid:84562162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699063)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.88.239.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699063/; classtype:trojan-activity;sid:84562163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699064)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.104.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699064/; classtype:trojan-activity;sid:84562164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699058)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.137.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699058/; classtype:trojan-activity;sid:84562158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.129.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699056/; classtype:trojan-activity;sid:84562156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.249.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699057/; classtype:trojan-activity;sid:84562157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.70.238.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699055/; classtype:trojan-activity;sid:84562155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699054/; classtype:trojan-activity;sid:84562154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.1.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699053/; classtype:trojan-activity;sid:84562153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.74.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699052/; classtype:trojan-activity;sid:84562152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.77.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699051/; classtype:trojan-activity;sid:84562151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699050/; classtype:trojan-activity;sid:84562150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.1.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699049/; classtype:trojan-activity;sid:84562149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699048/; classtype:trojan-activity;sid:84562148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.218.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699047/; classtype:trojan-activity;sid:84562147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.187.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699046/; classtype:trojan-activity;sid:84562146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699045)"; flow:established,from_client; content:"GET"; http_method; content:"/e9grzmpj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"starmarkt.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699045/; classtype:trojan-activity;sid:84562145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.89.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699044/; classtype:trojan-activity;sid:84562144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.76.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699043/; classtype:trojan-activity;sid:84562143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.75.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699042/; classtype:trojan-activity;sid:84562142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.128.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699041/; classtype:trojan-activity;sid:84562141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699040)"; flow:established,from_client; content:"GET"; http_method; content:"/1qh7pjtd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"quartzdamm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699040/; classtype:trojan-activity;sid:84562140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699039/; classtype:trojan-activity;sid:84562139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.142.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699038/; classtype:trojan-activity;sid:84562138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699037/; classtype:trojan-activity;sid:84562137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.101.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699036/; classtype:trojan-activity;sid:84562136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699035/; classtype:trojan-activity;sid:84562135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699034)"; flow:established,from_client; content:"GET"; http_method; content:"/48vw78km"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"berylhammer.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699034/; classtype:trojan-activity;sid:84562134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.75.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699033/; classtype:trojan-activity;sid:84562133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.254.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699032/; classtype:trojan-activity;sid:84562132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.157.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699031/; classtype:trojan-activity;sid:84562131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699030/; classtype:trojan-activity;sid:84562130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699029/; classtype:trojan-activity;sid:84562129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.128.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699028/; classtype:trojan-activity;sid:84562128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.32.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699027/; classtype:trojan-activity;sid:84562127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699026)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7882370143/gx4ev0u.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699026/; classtype:trojan-activity;sid:84562126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699025)"; flow:established,from_client; content:"GET"; http_method; content:"/s41dfgj2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ebonyecke.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699025/; classtype:trojan-activity;sid:84562125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.142.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699024/; classtype:trojan-activity;sid:84562124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.101.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699023/; classtype:trojan-activity;sid:84562123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.139.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699022/; classtype:trojan-activity;sid:84562122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699021)"; flow:established,from_client; content:"GET"; http_method; content:"/ob1x6dqa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pearlkrone.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699021/; classtype:trojan-activity;sid:84562121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699020/; classtype:trojan-activity;sid:84562120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699019)"; flow:established,from_client; content:"GET"; http_method; content:"/files/77546367/j4ca3di.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699019/; classtype:trojan-activity;sid:84562119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.87.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699018/; classtype:trojan-activity;sid:84562118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.254.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699017/; classtype:trojan-activity;sid:84562117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699016)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7212043758/ovzrhnn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699016/; classtype:trojan-activity;sid:84562116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699015/; classtype:trojan-activity;sid:84562115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.139.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699014/; classtype:trojan-activity;sid:84562114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.35.150.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699013/; classtype:trojan-activity;sid:84562113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699012/; classtype:trojan-activity;sid:84562112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699011)"; flow:established,from_client; content:"GET"; http_method; content:"/mgljdhkx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mistgraben.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699011/; classtype:trojan-activity;sid:84562111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699010/; classtype:trojan-activity;sid:84562110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.93.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699009/; classtype:trojan-activity;sid:84562109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.108.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699008/; classtype:trojan-activity;sid:84562108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699007)"; flow:established,from_client; content:"GET"; http_method; content:"/zhs6flao"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"prismboden.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699007/; classtype:trojan-activity;sid:84562107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.171.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699006/; classtype:trojan-activity;sid:84562106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.95.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699005/; classtype:trojan-activity;sid:84562105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.59.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699004/; classtype:trojan-activity;sid:84562104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699003)"; flow:established,from_client; content:"GET"; http_method; content:"/1q9ck0ny"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"embergrund.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699003/; classtype:trojan-activity;sid:84562103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.108.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699002/; classtype:trojan-activity;sid:84562102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.185.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699001/; classtype:trojan-activity;sid:84562101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.60.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699000/; classtype:trojan-activity;sid:84562100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698999)"; flow:established,from_client; content:"GET"; http_method; content:"/q5bv6zb2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"giowrust.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698999/; classtype:trojan-activity;sid:84562099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.59.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698998/; classtype:trojan-activity;sid:84562098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.95.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698997/; classtype:trojan-activity;sid:84562097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.49.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698996/; classtype:trojan-activity;sid:84562096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698995)"; flow:established,from_client; content:"GET"; http_method; content:"/us0q7u3o"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"redfern.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698995/; classtype:trojan-activity;sid:84562095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698994)"; flow:established,from_client; content:"GET"; http_method; content:"/%ec%a0%84%eb%b3%b4.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"telegram-31-10.netlify.app"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698994/; classtype:trojan-activity;sid:84562094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698992)"; flow:established,from_client; content:"GET"; http_method; content:"/page/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"surrezooominvite.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698992/; classtype:trojan-activity;sid:84562092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698993)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting/windows/zoomworkspace.clientsetup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"mine.teknikbayi.com.tr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698993/; classtype:trojan-activity;sid:84562093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698991)"; flow:established,from_client; content:"GET"; http_method; content:"/live/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"surrezooominvite.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698991/; classtype:trojan-activity;sid:84562091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698990)"; flow:established,from_client; content:"GET"; http_method; content:"/msi/documentos.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"93.88.74.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698990/; classtype:trojan-activity;sid:84562090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698988)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1420135270296322239/1420516253247733831/based.exe.zip|3f|ex=690e5eda|7c|26|7c|is=690d0d5a|7c|26|7c|hm=dc9af610b3a6e18998b50786346eadd43871e05ed1d4542eeaff9690c99144d1|7c|26|7c|"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698988/; classtype:trojan-activity;sid:84562088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698989)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zoommeeting1.n2c0.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698989/; classtype:trojan-activity;sid:84562089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698987)"; flow:established,from_client; content:"GET"; http_method; content:"/pankoza2-pl/trihydridoarsenic.exe/blob/main/trihydridoarsenic.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698987/; classtype:trojan-activity;sid:84562087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698986)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/2ewxrbmmy6h05c9yoogt6/documento.exe|3f|rlkey=xcy6wtr4my9nugt1mo7w2e60r|7c|26|7c|st=sdl4xklb|7c|26|7c|dl=1"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698986/; classtype:trojan-activity;sid:84562086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698985)"; flow:established,from_client; content:"GET"; http_method; content:"/public/js/cloudflare.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tema-com-ua-568517.hostingersite.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698985/; classtype:trojan-activity;sid:84562085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698984)"; flow:established,from_client; content:"GET"; http_method; content:"/znjje5en"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"quietwhite.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698984/; classtype:trojan-activity;sid:84562084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.27.60.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698983/; classtype:trojan-activity;sid:84562083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.181.95.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698980/; classtype:trojan-activity;sid:84562080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698981/; classtype:trojan-activity;sid:84562081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.108.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698982/; classtype:trojan-activity;sid:84562082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.84.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698977/; classtype:trojan-activity;sid:84562077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698978/; classtype:trojan-activity;sid:84562078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.154.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698979/; classtype:trojan-activity;sid:84562079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.187.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698975/; classtype:trojan-activity;sid:84562075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.6.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698976/; classtype:trojan-activity;sid:84562076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.253.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698974/; classtype:trojan-activity;sid:84562074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698973/; classtype:trojan-activity;sid:84562073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698972)"; flow:established,from_client; content:"GET"; http_method; content:"/1ghwa0fh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fox3den.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698972/; classtype:trojan-activity;sid:84562072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.171.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698971/; classtype:trojan-activity;sid:84562071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698970/; classtype:trojan-activity;sid:84562070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698969/; classtype:trojan-activity;sid:84562069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.189.54.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698968/; classtype:trojan-activity;sid:84562068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.49.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698967/; classtype:trojan-activity;sid:84562067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.55.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698966/; classtype:trojan-activity;sid:84562066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698965/; classtype:trojan-activity;sid:84562065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698964/; classtype:trojan-activity;sid:84562064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.117.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698963/; classtype:trojan-activity;sid:84562063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.0.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698962/; classtype:trojan-activity;sid:84562062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698960/; classtype:trojan-activity;sid:84562060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.55.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698961/; classtype:trojan-activity;sid:84562061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698959)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7939550397/niopeh1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698959/; classtype:trojan-activity;sid:84562059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.179.230.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698958/; classtype:trojan-activity;sid:84562058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.248.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698957/; classtype:trojan-activity;sid:84562057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698956/; classtype:trojan-activity;sid:84562056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.87.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698955/; classtype:trojan-activity;sid:84562055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.212.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698954/; classtype:trojan-activity;sid:84562054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.248.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698953/; classtype:trojan-activity;sid:84562053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.83.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698952/; classtype:trojan-activity;sid:84562052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698951/; classtype:trojan-activity;sid:84562051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.24.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698950/; classtype:trojan-activity;sid:84562050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698949/; classtype:trojan-activity;sid:84562049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698948)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique5/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698948/; classtype:trojan-activity;sid:84562048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.21.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698947/; classtype:trojan-activity;sid:84562047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.24.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698946/; classtype:trojan-activity;sid:84562046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.195.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698944/; classtype:trojan-activity;sid:84562044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698945/; classtype:trojan-activity;sid:84562045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.68.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698943/; classtype:trojan-activity;sid:84562043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698942)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/nr6lwyl.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698942/; classtype:trojan-activity;sid:84562042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.235.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698941/; classtype:trojan-activity;sid:84562041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.21.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698940/; classtype:trojan-activity;sid:84562040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698939/; classtype:trojan-activity;sid:84562039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698938/; classtype:trojan-activity;sid:84562038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.84.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698937/; classtype:trojan-activity;sid:84562037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.152.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698936/; classtype:trojan-activity;sid:84562036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.5.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698935/; classtype:trojan-activity;sid:84562035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.235.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698934/; classtype:trojan-activity;sid:84562034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698933/; classtype:trojan-activity;sid:84562033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698932)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698932/; classtype:trojan-activity;sid:84562032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698931)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698931/; classtype:trojan-activity;sid:84562031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698930)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698930/; classtype:trojan-activity;sid:84562030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698924)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698924/; classtype:trojan-activity;sid:84562024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698925)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698925/; classtype:trojan-activity;sid:84562025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698926)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698926/; classtype:trojan-activity;sid:84562026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698927)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698927/; classtype:trojan-activity;sid:84562027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698928)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698928/; classtype:trojan-activity;sid:84562028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698929)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698929/; classtype:trojan-activity;sid:84562029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698918)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698918/; classtype:trojan-activity;sid:84562018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698919)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698919/; classtype:trojan-activity;sid:84562019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698920)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698920/; classtype:trojan-activity;sid:84562020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698921)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698921/; classtype:trojan-activity;sid:84562021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698922)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698922/; classtype:trojan-activity;sid:84562022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698923)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698923/; classtype:trojan-activity;sid:84562023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698917)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698917/; classtype:trojan-activity;sid:84562017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.84.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698916/; classtype:trojan-activity;sid:84562016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.189.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698915/; classtype:trojan-activity;sid:84562015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.255.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698914/; classtype:trojan-activity;sid:84562014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698913/; classtype:trojan-activity;sid:84562013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698912)"; flow:established,from_client; content:"GET"; http_method; content:"/bxo.google|3f|t=7z8xuk58"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4j1.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698912/; classtype:trojan-activity;sid:84562012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698911)"; flow:established,from_client; content:"GET"; http_method; content:"/41.google|3f|t=tshlu6of"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.glacierbruecke.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698911/; classtype:trojan-activity;sid:84562011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.94.31.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698910/; classtype:trojan-activity;sid:84562010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698909/; classtype:trojan-activity;sid:84562009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698908)"; flow:established,from_client; content:"GET"; http_method; content:"/cou.check|3f|t=nxuht4hl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qtf.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698908/; classtype:trojan-activity;sid:84562008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698907)"; flow:established,from_client; content:"GET"; http_method; content:"/aoo.check|3f|t=hxxmoqhj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g8p.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698907/; classtype:trojan-activity;sid:84562007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698906/; classtype:trojan-activity;sid:84562006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698905)"; flow:established,from_client; content:"GET"; http_method; content:"/sfj.google|3f|t=ezacyaw5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3fp.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698905/; classtype:trojan-activity;sid:84562005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698904)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7719064868/sjcggrm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698904/; classtype:trojan-activity;sid:84562004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.250.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698903/; classtype:trojan-activity;sid:84562003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698902/; classtype:trojan-activity;sid:84562002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698901)"; flow:established,from_client; content:"GET"; http_method; content:"/sfj.google|3f|t=bk9ytb60"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3fp.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698901/; classtype:trojan-activity;sid:84562001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698900/; classtype:trojan-activity;sid:84562000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.59.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698899/; classtype:trojan-activity;sid:84561999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698898/; classtype:trojan-activity;sid:84561998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698897)"; flow:established,from_client; content:"GET"; http_method; content:"/9j.check|3f|t=nwf62rx3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"daj.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698897/; classtype:trojan-activity;sid:84561997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.109.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698896/; classtype:trojan-activity;sid:84561996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698895)"; flow:established,from_client; content:"GET"; http_method; content:"/ie.google|3f|t=y6dznukm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"10.glacierbruecke.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698895/; classtype:trojan-activity;sid:84561995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698894/; classtype:trojan-activity;sid:84561994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698893)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique4/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698893/; classtype:trojan-activity;sid:84561993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.222.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698892/; classtype:trojan-activity;sid:84561992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698891)"; flow:established,from_client; content:"GET"; http_method; content:"/qw2.google|3f|t=90p8epgj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w1i.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698891/; classtype:trojan-activity;sid:84561991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698890)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/vxumdyy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698890/; classtype:trojan-activity;sid:84561990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698889)"; flow:established,from_client; content:"GET"; http_method; content:"/qw2.google|3f|t=jk758ogc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w1i.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698889/; classtype:trojan-activity;sid:84561989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.52.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698888/; classtype:trojan-activity;sid:84561988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.238.101.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698886/; classtype:trojan-activity;sid:84561986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.109.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698887/; classtype:trojan-activity;sid:84561987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698885)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7103746036/dd7vj9i.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698885/; classtype:trojan-activity;sid:84561985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698884)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=asxsxjqv"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l3.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698884/; classtype:trojan-activity;sid:84561984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.250.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698883/; classtype:trojan-activity;sid:84561983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698882)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=1y0q4kqd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l3.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698882/; classtype:trojan-activity;sid:84561982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698881)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=8wooidyg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8343.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698881/; classtype:trojan-activity;sid:84561981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.63.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698880/; classtype:trojan-activity;sid:84561980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698879)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=o7uw35ud"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sbeo.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698879/; classtype:trojan-activity;sid:84561979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.238.101.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698878/; classtype:trojan-activity;sid:84561978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698877)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=xfkunb4a"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sbeo.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698877/; classtype:trojan-activity;sid:84561977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.222.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698876/; classtype:trojan-activity;sid:84561976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698875)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=1ilmy5fl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sbeo.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698875/; classtype:trojan-activity;sid:84561975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698874)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=rrsr62k2"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sbeo.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698874/; classtype:trojan-activity;sid:84561974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.63.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698873/; classtype:trojan-activity;sid:84561973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.222.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698872/; classtype:trojan-activity;sid:84561972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.75.132.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698871/; classtype:trojan-activity;sid:84561971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.128.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698870/; classtype:trojan-activity;sid:84561970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698869)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698869/; classtype:trojan-activity;sid:84561969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698868)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698868/; classtype:trojan-activity;sid:84561968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698862)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698862/; classtype:trojan-activity;sid:84561962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698863)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698863/; classtype:trojan-activity;sid:84561963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698864)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698864/; classtype:trojan-activity;sid:84561964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698865)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698865/; classtype:trojan-activity;sid:84561965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698866)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698866/; classtype:trojan-activity;sid:84561966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698867)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698867/; classtype:trojan-activity;sid:84561967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698860)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698860/; classtype:trojan-activity;sid:84561960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698861)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698861/; classtype:trojan-activity;sid:84561961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698858)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698858/; classtype:trojan-activity;sid:84561958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698859)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698859/; classtype:trojan-activity;sid:84561959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698857)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698857/; classtype:trojan-activity;sid:84561957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698855)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698855/; classtype:trojan-activity;sid:84561955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698856)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698856/; classtype:trojan-activity;sid:84561956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698852)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698852/; classtype:trojan-activity;sid:84561952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698853)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698853/; classtype:trojan-activity;sid:84561953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698854)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698854/; classtype:trojan-activity;sid:84561954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698850)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698850/; classtype:trojan-activity;sid:84561950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698851)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698851/; classtype:trojan-activity;sid:84561951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698848)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698848/; classtype:trojan-activity;sid:84561948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698849)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698849/; classtype:trojan-activity;sid:84561949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698842)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698842/; classtype:trojan-activity;sid:84561942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698843)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698843/; classtype:trojan-activity;sid:84561943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698844/; classtype:trojan-activity;sid:84561944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698845)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698845/; classtype:trojan-activity;sid:84561945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698846)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698846/; classtype:trojan-activity;sid:84561946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698847)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698847/; classtype:trojan-activity;sid:84561947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698841)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698841/; classtype:trojan-activity;sid:84561941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698840)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698840/; classtype:trojan-activity;sid:84561940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698836)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698836/; classtype:trojan-activity;sid:84561936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698837)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698837/; classtype:trojan-activity;sid:84561937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698838)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698838/; classtype:trojan-activity;sid:84561938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698839)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698839/; classtype:trojan-activity;sid:84561939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698833)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698833/; classtype:trojan-activity;sid:84561933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698834)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698834/; classtype:trojan-activity;sid:84561934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698835)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698835/; classtype:trojan-activity;sid:84561935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698829)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698829/; classtype:trojan-activity;sid:84561929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698830)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698830/; classtype:trojan-activity;sid:84561930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698831)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698831/; classtype:trojan-activity;sid:84561931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698832)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698832/; classtype:trojan-activity;sid:84561932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698824)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698824/; classtype:trojan-activity;sid:84561924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698825)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698825/; classtype:trojan-activity;sid:84561925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698826)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698826/; classtype:trojan-activity;sid:84561926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698827)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698827/; classtype:trojan-activity;sid:84561927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698828)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698828/; classtype:trojan-activity;sid:84561928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698820)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698820/; classtype:trojan-activity;sid:84561920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698821)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698821/; classtype:trojan-activity;sid:84561921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698822)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698822/; classtype:trojan-activity;sid:84561922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698823)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698823/; classtype:trojan-activity;sid:84561923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698817)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698817/; classtype:trojan-activity;sid:84561917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698818)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698818/; classtype:trojan-activity;sid:84561918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698819)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698819/; classtype:trojan-activity;sid:84561919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698816)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698816/; classtype:trojan-activity;sid:84561916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698812)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698812/; classtype:trojan-activity;sid:84561912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698813)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698813/; classtype:trojan-activity;sid:84561913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698814)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698814/; classtype:trojan-activity;sid:84561914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698815)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698815/; classtype:trojan-activity;sid:84561915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698809)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698809/; classtype:trojan-activity;sid:84561909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698810)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698810/; classtype:trojan-activity;sid:84561910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698811)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698811/; classtype:trojan-activity;sid:84561911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698800)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698800/; classtype:trojan-activity;sid:84561900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698801)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698801/; classtype:trojan-activity;sid:84561901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698802)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698802/; classtype:trojan-activity;sid:84561902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698803)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698803/; classtype:trojan-activity;sid:84561903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698804)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698804/; classtype:trojan-activity;sid:84561904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698805)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698805/; classtype:trojan-activity;sid:84561905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698806)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698806/; classtype:trojan-activity;sid:84561906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698807)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698807/; classtype:trojan-activity;sid:84561907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698808)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698808/; classtype:trojan-activity;sid:84561908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698798)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698798/; classtype:trojan-activity;sid:84561898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698799)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698799/; classtype:trojan-activity;sid:84561899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698793)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698793/; classtype:trojan-activity;sid:84561893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698794)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698794/; classtype:trojan-activity;sid:84561894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698795)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698795/; classtype:trojan-activity;sid:84561895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698796)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698796/; classtype:trojan-activity;sid:84561896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698797)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698797/; classtype:trojan-activity;sid:84561897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698785)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698785/; classtype:trojan-activity;sid:84561885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698786)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698786/; classtype:trojan-activity;sid:84561886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698787)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698787/; classtype:trojan-activity;sid:84561887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698788)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698788/; classtype:trojan-activity;sid:84561888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698789)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698789/; classtype:trojan-activity;sid:84561889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698790)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698790/; classtype:trojan-activity;sid:84561890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698791)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698791/; classtype:trojan-activity;sid:84561891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698792)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698792/; classtype:trojan-activity;sid:84561892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698776)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698776/; classtype:trojan-activity;sid:84561876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698777)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698777/; classtype:trojan-activity;sid:84561877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698778)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698778/; classtype:trojan-activity;sid:84561878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698779)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698779/; classtype:trojan-activity;sid:84561879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698780)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698780/; classtype:trojan-activity;sid:84561880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698781)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698781/; classtype:trojan-activity;sid:84561881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698782)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698782/; classtype:trojan-activity;sid:84561882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698783)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698783/; classtype:trojan-activity;sid:84561883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698784)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698784/; classtype:trojan-activity;sid:84561884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698767)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698767/; classtype:trojan-activity;sid:84561867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698768)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698768/; classtype:trojan-activity;sid:84561868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698769)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698769/; classtype:trojan-activity;sid:84561869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698770)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698770/; classtype:trojan-activity;sid:84561870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698771)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698771/; classtype:trojan-activity;sid:84561871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698772)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698772/; classtype:trojan-activity;sid:84561872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698773)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698773/; classtype:trojan-activity;sid:84561873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698774)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698774/; classtype:trojan-activity;sid:84561874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698775/; classtype:trojan-activity;sid:84561875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698760)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698760/; classtype:trojan-activity;sid:84561860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698761)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698761/; classtype:trojan-activity;sid:84561861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698762)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698762/; classtype:trojan-activity;sid:84561862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698763)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698763/; classtype:trojan-activity;sid:84561863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698764)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698764/; classtype:trojan-activity;sid:84561864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698765)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698765/; classtype:trojan-activity;sid:84561865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698766)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698766/; classtype:trojan-activity;sid:84561866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.195.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698759/; classtype:trojan-activity;sid:84561859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.59.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698758/; classtype:trojan-activity;sid:84561858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.88.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698757/; classtype:trojan-activity;sid:84561857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.44.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698756/; classtype:trojan-activity;sid:84561856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698755)"; flow:established,from_client; content:"GET"; http_method; content:"/s03kduq6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"j4.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698755/; classtype:trojan-activity;sid:84561855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.87.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698754/; classtype:trojan-activity;sid:84561854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698753)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=3xsohu97"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j4.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698753/; classtype:trojan-activity;sid:84561853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698752)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7957086213/hdi9wtb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698752/; classtype:trojan-activity;sid:84561852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.163.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698751/; classtype:trojan-activity;sid:84561851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.92.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698750/; classtype:trojan-activity;sid:84561850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698749)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=zkwq9tci"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bv9.basaltwerk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698749/; classtype:trojan-activity;sid:84561849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.104.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698748/; classtype:trojan-activity;sid:84561848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.58.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698747/; classtype:trojan-activity;sid:84561847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698746)"; flow:established,from_client; content:"GET"; http_method; content:"/vc2.check|3f|t=gbfhh2xd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698746/; classtype:trojan-activity;sid:84561846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.104.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698745/; classtype:trojan-activity;sid:84561845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.226.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698740/; classtype:trojan-activity;sid:84561840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.2.185.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698741/; classtype:trojan-activity;sid:84561841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.2.185.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698742/; classtype:trojan-activity;sid:84561842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.147.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698743/; classtype:trojan-activity;sid:84561843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.221.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698744/; classtype:trojan-activity;sid:84561844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.40.48.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698738/; classtype:trojan-activity;sid:84561838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.229.174.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698739/; classtype:trojan-activity;sid:84561839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698737/; classtype:trojan-activity;sid:84561837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698736)"; flow:established,from_client; content:"GET"; http_method; content:"/tv2utj3r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q7.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698736/; classtype:trojan-activity;sid:84561836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.194.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698735/; classtype:trojan-activity;sid:84561835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.107.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698734/; classtype:trojan-activity;sid:84561834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.88.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698733/; classtype:trojan-activity;sid:84561833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.163.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698732/; classtype:trojan-activity;sid:84561832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.92.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698731/; classtype:trojan-activity;sid:84561831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.182.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698730/; classtype:trojan-activity;sid:84561830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698729/; classtype:trojan-activity;sid:84561829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698728)"; flow:established,from_client; content:"GET"; http_method; content:"/56zvny7b"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wp6.basaltwerk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698728/; classtype:trojan-activity;sid:84561828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698727/; classtype:trojan-activity;sid:84561827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.56.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698726/; classtype:trojan-activity;sid:84561826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698725/; classtype:trojan-activity;sid:84561825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698724)"; flow:established,from_client; content:"GET"; http_method; content:"/q4q.check|3f|t=1x7c9feu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wp6.basaltwerk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698724/; classtype:trojan-activity;sid:84561824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.182.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698723/; classtype:trojan-activity;sid:84561823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.181.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698722/; classtype:trojan-activity;sid:84561822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.194.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698721/; classtype:trojan-activity;sid:84561821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.165.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698720/; classtype:trojan-activity;sid:84561820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698719)"; flow:established,from_client; content:"GET"; http_method; content:"/a7os0hh1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uhz.basaltwerk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698719/; classtype:trojan-activity;sid:84561819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698718/; classtype:trojan-activity;sid:84561818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698717/; classtype:trojan-activity;sid:84561817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698716/; classtype:trojan-activity;sid:84561816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698715/; classtype:trojan-activity;sid:84561815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698714)"; flow:established,from_client; content:"GET"; http_method; content:"/3ao.check|3f|t=gnz78rys"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3t.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698714/; classtype:trojan-activity;sid:84561814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698713/; classtype:trojan-activity;sid:84561813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698712/; classtype:trojan-activity;sid:84561812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.38.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698711/; classtype:trojan-activity;sid:84561811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.181.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698710/; classtype:trojan-activity;sid:84561810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698709)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6400879960/g4v4qym.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698709/; classtype:trojan-activity;sid:84561809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698708/; classtype:trojan-activity;sid:84561808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698707)"; flow:established,from_client; content:"GET"; http_method; content:"/f9.google|3f|t=gzq1voi5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9ls.bramblestrom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698707/; classtype:trojan-activity;sid:84561807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.83.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698706/; classtype:trojan-activity;sid:84561806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.28.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698705/; classtype:trojan-activity;sid:84561805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698704)"; flow:established,from_client; content:"GET"; http_method; content:"/ap.google|3f|t=q6h2mz01"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mi.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698704/; classtype:trojan-activity;sid:84561804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698703/; classtype:trojan-activity;sid:84561803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698702)"; flow:established,from_client; content:"GET"; http_method; content:"/n5.google|3f|t=dixf87ed"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3hg.bramblestrom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698702/; classtype:trojan-activity;sid:84561802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.40.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698701/; classtype:trojan-activity;sid:84561801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.107.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698700/; classtype:trojan-activity;sid:84561800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698699)"; flow:established,from_client; content:"GET"; http_method; content:"/reprofo.mso"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698699/; classtype:trojan-activity;sid:84561799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698683/; classtype:trojan-activity;sid:84561783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698684/; classtype:trojan-activity;sid:84561784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698685/; classtype:trojan-activity;sid:84561785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698686/; classtype:trojan-activity;sid:84561786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698687/; classtype:trojan-activity;sid:84561787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698688/; classtype:trojan-activity;sid:84561788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698689/; classtype:trojan-activity;sid:84561789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698690/; classtype:trojan-activity;sid:84561790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698691/; classtype:trojan-activity;sid:84561791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698692/; classtype:trojan-activity;sid:84561792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698693/; classtype:trojan-activity;sid:84561793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mips64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698694/; classtype:trojan-activity;sid:84561794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698695/; classtype:trojan-activity;sid:84561795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698696/; classtype:trojan-activity;sid:84561796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698697/; classtype:trojan-activity;sid:84561797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698698/; classtype:trojan-activity;sid:84561798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698682)"; flow:established,from_client; content:"GET"; http_method; content:"/gkvys7xa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ehu.bramblestrom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698682/; classtype:trojan-activity;sid:84561782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698681)"; flow:established,from_client; content:"GET"; http_method; content:"/xcs.google|3f|t=l0g2nrdd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ehu.bramblestrom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698681/; classtype:trojan-activity;sid:84561781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.49.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698680/; classtype:trojan-activity;sid:84561780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698679)"; flow:established,from_client; content:"GET"; http_method; content:"/meu/new_ibo_app.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5go5.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698679/; classtype:trojan-activity;sid:84561779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698678)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/1xbet.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"1xbet-android.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698678/; classtype:trojan-activity;sid:84561778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698677)"; flow:established,from_client; content:"GET"; http_method; content:"/fishmaps.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rybkakis.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698677/; classtype:trojan-activity;sid:84561777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698676)"; flow:established,from_client; content:"GET"; http_method; content:"/7ec62d3c50d033b0857fe6f7e1e09de219001cf3bcc25fe5ddac25596b0c2922.apk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"ultraviewv.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698676/; classtype:trojan-activity;sid:84561776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698675)"; flow:established,from_client; content:"GET"; http_method; content:"/m.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ampayz.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698675/; classtype:trojan-activity;sid:84561775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698673)"; flow:established,from_client; content:"GET"; http_method; content:"/els.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"elementscript.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698673/; classtype:trojan-activity;sid:84561773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698674)"; flow:established,from_client; content:"GET"; http_method; content:"/files/tiktoktv.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"xingba888.today"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698674/; classtype:trojan-activity;sid:84561774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698671)"; flow:established,from_client; content:"GET"; http_method; content:"/daemons.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"daemons.studio"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698671/; classtype:trojan-activity;sid:84561771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698672)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/youtubeultra.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"youtubeultra.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698672/; classtype:trojan-activity;sid:84561772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698670)"; flow:established,from_client; content:"GET"; http_method; content:"/youtubegg.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"youtubegg.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698670/; classtype:trojan-activity;sid:84561770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698667)"; flow:established,from_client; content:"GET"; http_method; content:"/fishmaps.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rybkakis.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698667/; classtype:trojan-activity;sid:84561767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698668)"; flow:established,from_client; content:"GET"; http_method; content:"/trafficflow.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"trafficflow.life"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698668/; classtype:trojan-activity;sid:84561768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698669)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/storybet138v3.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"wahanastory.store"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698669/; classtype:trojan-activity;sid:84561769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.51.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698664/; classtype:trojan-activity;sid:84561764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.81.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698665/; classtype:trojan-activity;sid:84561765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698666)"; flow:established,from_client; content:"GET"; http_method; content:"/document.url"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"112.198.135.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698666/; classtype:trojan-activity;sid:84561766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.55.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698663/; classtype:trojan-activity;sid:84561763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698662)"; flow:established,from_client; content:"GET"; http_method; content:"/94f.check|3f|t=61bvcda4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698662/; classtype:trojan-activity;sid:84561762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698661)"; flow:established,from_client; content:"GET"; http_method; content:"/xjw062o4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bq.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698661/; classtype:trojan-activity;sid:84561761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.100.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698660/; classtype:trojan-activity;sid:84561760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698659)"; flow:established,from_client; content:"GET"; http_method; content:"/knyxwdg3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4r.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698659/; classtype:trojan-activity;sid:84561759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698658)"; flow:established,from_client; content:"GET"; http_method; content:"/i9.check|3f|t=songuvm9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4r.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698658/; classtype:trojan-activity;sid:84561758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698657/; classtype:trojan-activity;sid:84561757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698654)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698654/; classtype:trojan-activity;sid:84561754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698655)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698655/; classtype:trojan-activity;sid:84561755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698656)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698656/; classtype:trojan-activity;sid:84561756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698648)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698648/; classtype:trojan-activity;sid:84561748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698649)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698649/; classtype:trojan-activity;sid:84561749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698650)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698650/; classtype:trojan-activity;sid:84561750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698651)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698651/; classtype:trojan-activity;sid:84561751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698652)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698652/; classtype:trojan-activity;sid:84561752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698653)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698653/; classtype:trojan-activity;sid:84561753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698647)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698647/; classtype:trojan-activity;sid:84561747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698646)"; flow:established,from_client; content:"GET"; http_method; content:"/dfssharesync20251031183017.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"212.132.112.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698646/; classtype:trojan-activity;sid:84561746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698644)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-dfssharesync20251031183017inject-3.ps1"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"212.132.112.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698644/; classtype:trojan-activity;sid:84561744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698645)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-4.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.132.112.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698645/; classtype:trojan-activity;sid:84561745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698643)"; flow:established,from_client; content:"GET"; http_method; content:"/qa8.check|3f|t=x5ftph55"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k2m.horizonspur.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698643/; classtype:trojan-activity;sid:84561743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698642/; classtype:trojan-activity;sid:84561742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.86.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698641/; classtype:trojan-activity;sid:84561741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.83.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698640/; classtype:trojan-activity;sid:84561740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698639/; classtype:trojan-activity;sid:84561739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.101.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698638/; classtype:trojan-activity;sid:84561738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698637)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=1jfyjllf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0x.horizonspur.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698637/; classtype:trojan-activity;sid:84561737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.136.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698636/; classtype:trojan-activity;sid:84561736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.100.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698635/; classtype:trojan-activity;sid:84561735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698634)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=2drjpdzo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oz.horizonspur.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698634/; classtype:trojan-activity;sid:84561734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.174.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698633/; classtype:trojan-activity;sid:84561733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698632/; classtype:trojan-activity;sid:84561732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.101.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698631/; classtype:trojan-activity;sid:84561731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698630/; classtype:trojan-activity;sid:84561730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698629)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7957086213/kdjpzar.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698629/; classtype:trojan-activity;sid:84561729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698627/; classtype:trojan-activity;sid:84561727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698628)"; flow:established,from_client; content:"GET"; http_method; content:"/huh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698628/; classtype:trojan-activity;sid:84561728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.64.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698626/; classtype:trojan-activity;sid:84561726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698625)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=71stjaq4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3r.horizonspur.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698625/; classtype:trojan-activity;sid:84561725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.136.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698624/; classtype:trojan-activity;sid:84561724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698623/; classtype:trojan-activity;sid:84561723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.238.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698622/; classtype:trojan-activity;sid:84561722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698621/; classtype:trojan-activity;sid:84561721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698620)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=wak3mevs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"so.horizonspur.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698620/; classtype:trojan-activity;sid:84561720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.76.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698619/; classtype:trojan-activity;sid:84561719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.175.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698618/; classtype:trojan-activity;sid:84561718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698617/; classtype:trojan-activity;sid:84561717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698616/; classtype:trojan-activity;sid:84561716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698615)"; flow:established,from_client; content:"GET"; http_method; content:"/yb2.check|3f|t=vfjonc3i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h4n.phoenixbogen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698615/; classtype:trojan-activity;sid:84561715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698614)"; flow:established,from_client; content:"GET"; http_method; content:"/m04.google|3f|t=azhktb7g"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xk.phoenixbogen.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698614/; classtype:trojan-activity;sid:84561714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.238.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698613/; classtype:trojan-activity;sid:84561713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698612)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3.check|3f|t=oi8oku74"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p2k.phoenixbogen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698612/; classtype:trojan-activity;sid:84561712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698611/; classtype:trojan-activity;sid:84561711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.38.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698610/; classtype:trojan-activity;sid:84561710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698609/; classtype:trojan-activity;sid:84561709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698608)"; flow:established,from_client; content:"GET"; http_method; content:"/h7.google|3f|t=87px2k0y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c3r.phoenixbogen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698608/; classtype:trojan-activity;sid:84561708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.82.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698607/; classtype:trojan-activity;sid:84561707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.107.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698606/; classtype:trojan-activity;sid:84561706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.238.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698605/; classtype:trojan-activity;sid:84561705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.187.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698604/; classtype:trojan-activity;sid:84561704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.53.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698603/; classtype:trojan-activity;sid:84561703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698602)"; flow:established,from_client; content:"GET"; http_method; content:"/ra.google|3f|t=d1cfnu2v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"be.phoenixbogen.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698602/; classtype:trojan-activity;sid:84561702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698601)"; flow:established,from_client; content:"GET"; http_method; content:"/twmxlbtk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"be.phoenixbogen.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698601/; classtype:trojan-activity;sid:84561701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.82.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698600/; classtype:trojan-activity;sid:84561700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698599)"; flow:established,from_client; content:"GET"; http_method; content:"/keu9slp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c9.crystalmoor.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698599/; classtype:trojan-activity;sid:84561699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698598)"; flow:established,from_client; content:"GET"; http_method; content:"/ra1.check|3f|t=wdz3k4kk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c9.crystalmoor.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698598/; classtype:trojan-activity;sid:84561698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.104.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698597/; classtype:trojan-activity;sid:84561697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.107.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698595/; classtype:trojan-activity;sid:84561695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698596/; classtype:trojan-activity;sid:84561696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698594)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=j18xkd6y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tqf.crystalmoor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698594/; classtype:trojan-activity;sid:84561694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.248.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698593/; classtype:trojan-activity;sid:84561693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.117.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698592/; classtype:trojan-activity;sid:84561692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698591)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=6p0abi4y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.crystalmoor.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698591/; classtype:trojan-activity;sid:84561691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.226.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698590/; classtype:trojan-activity;sid:84561690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.104.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698589/; classtype:trojan-activity;sid:84561689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698588)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=ezcviv08"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd2.crystalmoor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698588/; classtype:trojan-activity;sid:84561688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.113.53.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698587/; classtype:trojan-activity;sid:84561687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698586)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=uf0krgar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7m.crystalmoor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698586/; classtype:trojan-activity;sid:84561686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698585/; classtype:trojan-activity;sid:84561685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698584)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=iwsybecq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gs.crystalmoor.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698584/; classtype:trojan-activity;sid:84561684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.189.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698583/; classtype:trojan-activity;sid:84561683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698582/; classtype:trojan-activity;sid:84561682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698581/; classtype:trojan-activity;sid:84561681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698580)"; flow:established,from_client; content:"GET"; http_method; content:"/zn9.check|3f|t=4ev7aoyz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t7z.saffronkern.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698580/; classtype:trojan-activity;sid:84561680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.113.53.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698579/; classtype:trojan-activity;sid:84561679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698578)"; flow:established,from_client; content:"GET"; http_method; content:"/1c0.google|3f|t=6di4895c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bqk.saffronkern.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698578/; classtype:trojan-activity;sid:84561678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.3.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698577/; classtype:trojan-activity;sid:84561677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698576/; classtype:trojan-activity;sid:84561676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.198.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698575/; classtype:trojan-activity;sid:84561675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.189.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698574/; classtype:trojan-activity;sid:84561674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698573)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=1ky6cfnw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2.saffronkern.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698573/; classtype:trojan-activity;sid:84561673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.245.232.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698572/; classtype:trojan-activity;sid:84561672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.109.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698571/; classtype:trojan-activity;sid:84561671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698570)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4.google|3f|t=tsgmephk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pc4.saffronkern.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698570/; classtype:trojan-activity;sid:84561670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.100.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698569/; classtype:trojan-activity;sid:84561669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698568)"; flow:established,from_client; content:"GET"; http_method; content:"/ulg3cgw8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pc4.saffronkern.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698568/; classtype:trojan-activity;sid:84561668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.159.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698567/; classtype:trojan-activity;sid:84561667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.116.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698566/; classtype:trojan-activity;sid:84561666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.181.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698565/; classtype:trojan-activity;sid:84561665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.3.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698564/; classtype:trojan-activity;sid:84561664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698563)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698563/; classtype:trojan-activity;sid:84561663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.9.223"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698559/; classtype:trojan-activity;sid:84561659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698560/; classtype:trojan-activity;sid:84561660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.13.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698561/; classtype:trojan-activity;sid:84561661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.226.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698562/; classtype:trojan-activity;sid:84561662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698558/; classtype:trojan-activity;sid:84561658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.89.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698557/; classtype:trojan-activity;sid:84561657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.189.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698556/; classtype:trojan-activity;sid:84561656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698555)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698555/; classtype:trojan-activity;sid:84561655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698554)"; flow:established,from_client; content:"GET"; http_method; content:"/7m.google|3f|t=gnzfv65o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aj.saffronkern.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698554/; classtype:trojan-activity;sid:84561654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.179.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698553/; classtype:trojan-activity;sid:84561653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698551/; classtype:trojan-activity;sid:84561651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.109.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698552/; classtype:trojan-activity;sid:84561652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.159.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698550/; classtype:trojan-activity;sid:84561650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698549)"; flow:established,from_client; content:"GET"; http_method; content:"/p0x.check|3f|t=vm0cb50f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z0r.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698549/; classtype:trojan-activity;sid:84561649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.100.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698548/; classtype:trojan-activity;sid:84561648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698547/; classtype:trojan-activity;sid:84561647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698546)"; flow:established,from_client; content:"GET"; http_method; content:"/k2.google|3f|t=19ogde3t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nq5.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698546/; classtype:trojan-activity;sid:84561646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698545)"; flow:established,from_client; content:"GET"; http_method; content:"/wu58y365"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nq5.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698545/; classtype:trojan-activity;sid:84561645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.245.232.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698544/; classtype:trojan-activity;sid:84561644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.89.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698543/; classtype:trojan-activity;sid:84561643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.179.230.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698542/; classtype:trojan-activity;sid:84561642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698541/; classtype:trojan-activity;sid:84561641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.124.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698540/; classtype:trojan-activity;sid:84561640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698539/; classtype:trojan-activity;sid:84561639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698538)"; flow:established,from_client; content:"GET"; http_method; content:"/r19.check|3f|t=blxutcp9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d34.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698538/; classtype:trojan-activity;sid:84561638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698537/; classtype:trojan-activity;sid:84561637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698536/; classtype:trojan-activity;sid:84561636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698535)"; flow:established,from_client; content:"GET"; http_method; content:"/3qa.google|3f|t=qs7d3vdq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w9.nebularanke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698535/; classtype:trojan-activity;sid:84561635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698534)"; flow:established,from_client; content:"GET"; http_method; content:"/v0f.check|3f|t=hhazjyc2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k7x.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698534/; classtype:trojan-activity;sid:84561634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698533)"; flow:established,from_client; content:"GET"; http_method; content:"/38g4pw0w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k7x.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698533/; classtype:trojan-activity;sid:84561633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.124.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698532/; classtype:trojan-activity;sid:84561632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698531/; classtype:trojan-activity;sid:84561631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698530)"; flow:established,from_client; content:"GET"; http_method; content:"/t8.google|3f|t=85475f8j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f2a.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698530/; classtype:trojan-activity;sid:84561630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698529)"; flow:established,from_client; content:"GET"; http_method; content:"/xdmtnv0q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f2a.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698529/; classtype:trojan-activity;sid:84561629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.27.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698528/; classtype:trojan-activity;sid:84561628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.149.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698527/; classtype:trojan-activity;sid:84561627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.75.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698526/; classtype:trojan-activity;sid:84561626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698525)"; flow:established,from_client; content:"GET"; http_method; content:"/lq0.google|3f|t=sp2ry3xs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"v2r.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698525/; classtype:trojan-activity;sid:84561625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698524)"; flow:established,from_client; content:"GET"; http_method; content:"/dp2.check|3f|t=9sx1aj6u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c4n.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698524/; classtype:trojan-activity;sid:84561624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.87.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698523/; classtype:trojan-activity;sid:84561623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.18.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698522/; classtype:trojan-activity;sid:84561622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698521)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.koukaki.moonwp.fr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698521/; classtype:trojan-activity;sid:84561621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698520)"; flow:established,from_client; content:"GET"; http_method; content:"/uesskkwy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c4n.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698520/; classtype:trojan-activity;sid:84561620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.59.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698519/; classtype:trojan-activity;sid:84561619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698518)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.koukaki.moonwp.fr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698518/; classtype:trojan-activity;sid:84561618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698517)"; flow:established,from_client; content:"GET"; http_method; content:"/a0.google|3f|t=2ag61r4e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yxm4.whisperlake.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698517/; classtype:trojan-activity;sid:84561617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.195.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698516/; classtype:trojan-activity;sid:84561616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698515/; classtype:trojan-activity;sid:84561615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698514/; classtype:trojan-activity;sid:84561614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698513)"; flow:established,from_client; content:"GET"; http_method; content:"/9m1.check|3f|t=npy2w4ys"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t3q.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698513/; classtype:trojan-activity;sid:84561613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.27.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698512/; classtype:trojan-activity;sid:84561612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.108.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698511/; classtype:trojan-activity;sid:84561611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.228.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698510/; classtype:trojan-activity;sid:84561610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.87.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698509/; classtype:trojan-activity;sid:84561609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.4.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698507/; classtype:trojan-activity;sid:84561607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.24.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698508/; classtype:trojan-activity;sid:84561608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.195.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698506/; classtype:trojan-activity;sid:84561606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698505)"; flow:established,from_client; content:"GET"; http_method; content:"/rd.google|3f|t=dyaqottq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k2v.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698505/; classtype:trojan-activity;sid:84561605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698504)"; flow:established,from_client; content:"GET"; http_method; content:"/vryshubj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k2v.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698504/; classtype:trojan-activity;sid:84561604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.77.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698503/; classtype:trojan-activity;sid:84561603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.24.27.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698502/; classtype:trojan-activity;sid:84561602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698501)"; flow:established,from_client; content:"GET"; http_method; content:"/x3to2hit"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rz4.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698501/; classtype:trojan-activity;sid:84561601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698500)"; flow:established,from_client; content:"GET"; http_method; content:"/bn2.check|3f|t=oceatkvq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rz4.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698500/; classtype:trojan-activity;sid:84561600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.148.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698499/; classtype:trojan-activity;sid:84561599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698498)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.137.246.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698498/; classtype:trojan-activity;sid:84561598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698497)"; flow:established,from_client; content:"GET"; http_method; content:"/ty3.check|3f|t=i7xa2vq5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x1p.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698497/; classtype:trojan-activity;sid:84561597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.228.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698496/; classtype:trojan-activity;sid:84561596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698495/; classtype:trojan-activity;sid:84561595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698494)"; flow:established,from_client; content:"GET"; http_method; content:"/v0.google|3f|t=noll66xx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q2k.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698494/; classtype:trojan-activity;sid:84561594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698493)"; flow:established,from_client; content:"GET"; http_method; content:"/r66vgxlb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q2k.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698493/; classtype:trojan-activity;sid:84561593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.243.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698492/; classtype:trojan-activity;sid:84561592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698491)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=i68ti6ul"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m9x.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698491/; classtype:trojan-activity;sid:84561591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698490)"; flow:established,from_client; content:"GET"; http_method; content:"/wxc51kmq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m9x.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698490/; classtype:trojan-activity;sid:84561590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.242.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698489/; classtype:trojan-activity;sid:84561589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.159.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698488/; classtype:trojan-activity;sid:84561588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.236.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698487/; classtype:trojan-activity;sid:84561587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698486)"; flow:established,from_client; content:"GET"; http_method; content:"/qm.google|3f|t=p3tctchp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ab7.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698486/; classtype:trojan-activity;sid:84561586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.239.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698485/; classtype:trojan-activity;sid:84561585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.159.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698484/; classtype:trojan-activity;sid:84561584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698483/; classtype:trojan-activity;sid:84561583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698482/; classtype:trojan-activity;sid:84561582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.88.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698481/; classtype:trojan-activity;sid:84561581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698480)"; flow:established,from_client; content:"GET"; http_method; content:"/zn0kpt23"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"brightsilk.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698480/; classtype:trojan-activity;sid:84561580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698479)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=jf1k4njj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"brightsilk.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698479/; classtype:trojan-activity;sid:84561579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698477)"; flow:established,from_client; content:"GET"; http_method; content:"/pppoeb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.157.106.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698477/; classtype:trojan-activity;sid:84561577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698478)"; flow:established,from_client; content:"GET"; http_method; content:"/mwah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.157.106.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698478/; classtype:trojan-activity;sid:84561578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698476)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/0x4szpi.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698476/; classtype:trojan-activity;sid:84561576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698475)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/9zumni2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698475/; classtype:trojan-activity;sid:84561575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698474/; classtype:trojan-activity;sid:84561574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698473)"; flow:established,from_client; content:"GET"; http_method; content:"/q5rx0daw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"serenapoint.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698473/; classtype:trojan-activity;sid:84561573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698472)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=640f2nx7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"serenapoint.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698472/; classtype:trojan-activity;sid:84561572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698471)"; flow:established,from_client; content:"GET"; http_method; content:"/68cr2int"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ic0nicr1ver.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698471/; classtype:trojan-activity;sid:84561571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698470/; classtype:trojan-activity;sid:84561570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698469)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=i0lwo7pe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ic0nicr1ver.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698469/; classtype:trojan-activity;sid:84561569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698468/; classtype:trojan-activity;sid:84561568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.239.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698467/; classtype:trojan-activity;sid:84561567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698466)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=magej7bu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"shadow-grove.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698466/; classtype:trojan-activity;sid:84561566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698465/; classtype:trojan-activity;sid:84561565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698464)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=almjvbdr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m0onsh1nebay.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698464/; classtype:trojan-activity;sid:84561564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698463/; classtype:trojan-activity;sid:84561563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.11.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698462/; classtype:trojan-activity;sid:84561562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698461)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=c2ngqurv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sunnyharbor.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698461/; classtype:trojan-activity;sid:84561561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698460/; classtype:trojan-activity;sid:84561560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698459)"; flow:established,from_client; content:"GET"; http_method; content:"/24bu97cc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sunnyharbor.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698459/; classtype:trojan-activity;sid:84561559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698458/; classtype:trojan-activity;sid:84561558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698457)"; flow:established,from_client; content:"GET"; http_method; content:"/nskrzc8m"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"serena-point.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698457/; classtype:trojan-activity;sid:84561557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698456)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=otpvgs0c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"serena-point.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698456/; classtype:trojan-activity;sid:84561556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.121.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698455/; classtype:trojan-activity;sid:84561555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.84.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698454/; classtype:trojan-activity;sid:84561554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.116.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698453/; classtype:trojan-activity;sid:84561553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698452/; classtype:trojan-activity;sid:84561552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.150.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698451/; classtype:trojan-activity;sid:84561551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698450)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=ichtuqzx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dawn-mirror.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698450/; classtype:trojan-activity;sid:84561550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.231.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698449/; classtype:trojan-activity;sid:84561549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.116.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698448/; classtype:trojan-activity;sid:84561548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698447/; classtype:trojan-activity;sid:84561547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698446)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=2p22jcmw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mighty-flora.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698446/; classtype:trojan-activity;sid:84561546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698445)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/ifils8q.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698445/; classtype:trojan-activity;sid:84561545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698444)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/pec68gw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698444/; classtype:trojan-activity;sid:84561544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.224.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698443/; classtype:trojan-activity;sid:84561543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698442/; classtype:trojan-activity;sid:84561542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698441)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=9t6p0bax"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shadowgrove.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698441/; classtype:trojan-activity;sid:84561541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698440)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=q7avbfux"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"1unarpetal.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698440/; classtype:trojan-activity;sid:84561540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.121.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698439/; classtype:trojan-activity;sid:84561539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.231.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698438/; classtype:trojan-activity;sid:84561538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698437/; classtype:trojan-activity;sid:84561537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.103.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698436/; classtype:trojan-activity;sid:84561536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698434)"; flow:established,from_client; content:"GET"; http_method; content:"/5w8h.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dolmain.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698434/; classtype:trojan-activity;sid:84561534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698435)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"flowascatch.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698435/; classtype:trojan-activity;sid:84561535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698430)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"edentista.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698430/; classtype:trojan-activity;sid:84561530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698431)"; flow:established,from_client; content:"GET"; http_method; content:"/qqrtyw0g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dawnmirror.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698431/; classtype:trojan-activity;sid:84561531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698432)"; flow:established,from_client; content:"GET"; http_method; content:"/5g7o.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"edentista.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698432/; classtype:trojan-activity;sid:84561532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698433)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dolmain.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698433/; classtype:trojan-activity;sid:84561533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.105.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698429/; classtype:trojan-activity;sid:84561529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.181.95.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698428/; classtype:trojan-activity;sid:84561528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.254.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698426/; classtype:trojan-activity;sid:84561526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.24.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698427/; classtype:trojan-activity;sid:84561527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.90.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698425/; classtype:trojan-activity;sid:84561525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698424)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.mp4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.file-secure-sharing.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698424/; classtype:trojan-activity;sid:84561524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698422)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.233.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698422/; classtype:trojan-activity;sid:84561522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698423)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.224.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698423/; classtype:trojan-activity;sid:84561523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698421)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.87.10.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698421/; classtype:trojan-activity;sid:84561521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698420)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.79.19.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698420/; classtype:trojan-activity;sid:84561520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698419)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/sample.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.8.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698419/; classtype:trojan-activity;sid:84561519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698416)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.152.223.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698416/; classtype:trojan-activity;sid:84561516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698417)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.7.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698417/; classtype:trojan-activity;sid:84561517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698418)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698418/; classtype:trojan-activity;sid:84561518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698409)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.78.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698409/; classtype:trojan-activity;sid:84561509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698410)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698410/; classtype:trojan-activity;sid:84561510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698411)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.25.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698411/; classtype:trojan-activity;sid:84561511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698412)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.104.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698412/; classtype:trojan-activity;sid:84561512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698413)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.38.251.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698413/; classtype:trojan-activity;sid:84561513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698414)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.204.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698414/; classtype:trojan-activity;sid:84561514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698415)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.192.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698415/; classtype:trojan-activity;sid:84561515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698407)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.120.24.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698407/; classtype:trojan-activity;sid:84561507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698408)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.14.244.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698408/; classtype:trojan-activity;sid:84561508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.136.112.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698405/; classtype:trojan-activity;sid:84561505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.85.4.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698406/; classtype:trojan-activity;sid:84561506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.246.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698403/; classtype:trojan-activity;sid:84561503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.197.49.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698404/; classtype:trojan-activity;sid:84561504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.244.205.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698389/; classtype:trojan-activity;sid:84561489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.83.61.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698390/; classtype:trojan-activity;sid:84561490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.195.194.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698391/; classtype:trojan-activity;sid:84561491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698392/; classtype:trojan-activity;sid:84561492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.12.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698393/; classtype:trojan-activity;sid:84561493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.101.128.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698394/; classtype:trojan-activity;sid:84561494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.236.56.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698395/; classtype:trojan-activity;sid:84561495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.209.171.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698396/; classtype:trojan-activity;sid:84561496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.129.218.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698397/; classtype:trojan-activity;sid:84561497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.130.225.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698398/; classtype:trojan-activity;sid:84561498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.51.140.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698399/; classtype:trojan-activity;sid:84561499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698400/; classtype:trojan-activity;sid:84561500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.241.192.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698401/; classtype:trojan-activity;sid:84561501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.48.137.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698402/; classtype:trojan-activity;sid:84561502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698387/; classtype:trojan-activity;sid:84561487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698388/; classtype:trojan-activity;sid:84561488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.125.40.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698385/; classtype:trojan-activity;sid:84561485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.76.33.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698386/; classtype:trojan-activity;sid:84561486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698384/; classtype:trojan-activity;sid:84561484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.218.75.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698382/; classtype:trojan-activity;sid:84561482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.215.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698383/; classtype:trojan-activity;sid:84561483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698381)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698381/; classtype:trojan-activity;sid:84561481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698380)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.105.142.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698380/; classtype:trojan-activity;sid:84561480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698379)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698379/; classtype:trojan-activity;sid:84561479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.92.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698377/; classtype:trojan-activity;sid:84561477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.178.208.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698378/; classtype:trojan-activity;sid:84561478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698366)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"105.184.116.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698366/; classtype:trojan-activity;sid:84561466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698367)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.66.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698367/; classtype:trojan-activity;sid:84561467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698368)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.33.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698368/; classtype:trojan-activity;sid:84561468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698369)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.243.71.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698369/; classtype:trojan-activity;sid:84561469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698370)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698370/; classtype:trojan-activity;sid:84561470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.131.113.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698371/; classtype:trojan-activity;sid:84561471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.131.113.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698372/; classtype:trojan-activity;sid:84561472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.94"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698373/; classtype:trojan-activity;sid:84561473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698374)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698374/; classtype:trojan-activity;sid:84561474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.178.208.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698375/; classtype:trojan-activity;sid:84561475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698376)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.163.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698376/; classtype:trojan-activity;sid:84561476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698362)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.66.24.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698362/; classtype:trojan-activity;sid:84561462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698363)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.154.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698363/; classtype:trojan-activity;sid:84561463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698364)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.118.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698364/; classtype:trojan-activity;sid:84561464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698365)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698365/; classtype:trojan-activity;sid:84561465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698361)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.197.141.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698361/; classtype:trojan-activity;sid:84561461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.8.118.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698360/; classtype:trojan-activity;sid:84561460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698359)"; flow:established,from_client; content:"GET"; http_method; content:"/8am63pq5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mightyflora.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698359/; classtype:trojan-activity;sid:84561459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.144.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698358/; classtype:trojan-activity;sid:84561458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698357)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=6lq1uhdn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mightyflora.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698357/; classtype:trojan-activity;sid:84561457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.83.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698356/; classtype:trojan-activity;sid:84561456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698355/; classtype:trojan-activity;sid:84561455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698354)"; flow:established,from_client; content:"GET"; http_method; content:"/f180alms"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mintnord.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698354/; classtype:trojan-activity;sid:84561454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698353)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=qzsatl1l"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mintnord.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698353/; classtype:trojan-activity;sid:84561453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.254.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698352/; classtype:trojan-activity;sid:84561452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.250.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698351/; classtype:trojan-activity;sid:84561451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698350/; classtype:trojan-activity;sid:84561450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.144.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698349/; classtype:trojan-activity;sid:84561449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.8.118.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698348/; classtype:trojan-activity;sid:84561448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698347)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=q31kh0u2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cindertau.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698347/; classtype:trojan-activity;sid:84561447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698346/; classtype:trojan-activity;sid:84561446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698345)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=eqo78ccg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"indigowelle.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698345/; classtype:trojan-activity;sid:84561445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.244.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698343/; classtype:trojan-activity;sid:84561443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698344/; classtype:trojan-activity;sid:84561444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698342/; classtype:trojan-activity;sid:84561442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698341)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=iyx51zhn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ambergeist.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698341/; classtype:trojan-activity;sid:84561441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698340)"; flow:established,from_client; content:"GET"; http_method; content:"/710v9ilb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ambergeist.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698340/; classtype:trojan-activity;sid:84561440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698339/; classtype:trojan-activity;sid:84561439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.103.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698338/; classtype:trojan-activity;sid:84561438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698337)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=gdikoazs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithspitze.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698337/; classtype:trojan-activity;sid:84561437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.195.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698336/; classtype:trojan-activity;sid:84561436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.156.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698335/; classtype:trojan-activity;sid:84561435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698334)"; flow:established,from_client; content:"GET"; http_method; content:"/zohjhrc2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gladeeiche.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698334/; classtype:trojan-activity;sid:84561434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698333)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=8m5595oa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gladeeiche.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698333/; classtype:trojan-activity;sid:84561433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.243.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698332/; classtype:trojan-activity;sid:84561432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698331/; classtype:trojan-activity;sid:84561431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.136.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698330/; classtype:trojan-activity;sid:84561430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698329)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=d26dudiq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vectorblitz.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698329/; classtype:trojan-activity;sid:84561429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698328)"; flow:established,from_client; content:"GET"; http_method; content:"/3ul1i6da"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vectorblitz.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698328/; classtype:trojan-activity;sid:84561428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.71.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698327/; classtype:trojan-activity;sid:84561427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698326)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=gzstka00"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tidalschatten.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698326/; classtype:trojan-activity;sid:84561426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.92.90.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698325/; classtype:trojan-activity;sid:84561425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.93.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698323/; classtype:trojan-activity;sid:84561423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.195.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698324/; classtype:trojan-activity;sid:84561424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.71.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698322/; classtype:trojan-activity;sid:84561422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698321/; classtype:trojan-activity;sid:84561421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.129.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698320/; classtype:trojan-activity;sid:84561420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.39.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698319/; classtype:trojan-activity;sid:84561419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698318)"; flow:established,from_client; content:"GET"; http_method; content:"/p32ihrja"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ovs.amberr-0-ck-et.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698318/; classtype:trojan-activity;sid:84561418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698317/; classtype:trojan-activity;sid:84561417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.145.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698316/; classtype:trojan-activity;sid:84561416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.129.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698315/; classtype:trojan-activity;sid:84561415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.51.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698314/; classtype:trojan-activity;sid:84561414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.208.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698313/; classtype:trojan-activity;sid:84561413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.252.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698312/; classtype:trojan-activity;sid:84561412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.54.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698311/; classtype:trojan-activity;sid:84561411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.9.133.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698310/; classtype:trojan-activity;sid:84561410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.54.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698309/; classtype:trojan-activity;sid:84561409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.208.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698308/; classtype:trojan-activity;sid:84561408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.145.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698307/; classtype:trojan-activity;sid:84561407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.80.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698306/; classtype:trojan-activity;sid:84561406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.207.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698305/; classtype:trojan-activity;sid:84561405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.137.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698304/; classtype:trojan-activity;sid:84561404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.252.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698303/; classtype:trojan-activity;sid:84561403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698302/; classtype:trojan-activity;sid:84561402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.75.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698301/; classtype:trojan-activity;sid:84561401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.166.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698300/; classtype:trojan-activity;sid:84561400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698299)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/t5yvmrj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698299/; classtype:trojan-activity;sid:84561399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.133.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698298/; classtype:trojan-activity;sid:84561398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698297)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.73.107.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698297/; classtype:trojan-activity;sid:84561397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.162.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698296/; classtype:trojan-activity;sid:84561396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.80.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698295/; classtype:trojan-activity;sid:84561395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.246.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698293/; classtype:trojan-activity;sid:84561393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.160.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698294/; classtype:trojan-activity;sid:84561394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.87.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698292/; classtype:trojan-activity;sid:84561392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.206.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698291/; classtype:trojan-activity;sid:84561391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.66.146.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698290/; classtype:trojan-activity;sid:84561390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698289)"; flow:established,from_client; content:"GET"; http_method; content:"/b95.google|3f|t=prj9k9ob"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fsrm.lilacsilo.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698289/; classtype:trojan-activity;sid:84561389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.70.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698288/; classtype:trojan-activity;sid:84561388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.66.146.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698287/; classtype:trojan-activity;sid:84561387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.0.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698286/; classtype:trojan-activity;sid:84561386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.114.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698285/; classtype:trojan-activity;sid:84561385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.87.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698284/; classtype:trojan-activity;sid:84561384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.173.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698283/; classtype:trojan-activity;sid:84561383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698282/; classtype:trojan-activity;sid:84561382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698281/; classtype:trojan-activity;sid:84561381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.206.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698280/; classtype:trojan-activity;sid:84561380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.177.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698279/; classtype:trojan-activity;sid:84561379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.170.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698278/; classtype:trojan-activity;sid:84561378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698277)"; flow:established,from_client; content:"GET"; http_method; content:"/miyileho98.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g1t4.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698277/; classtype:trojan-activity;sid:84561377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698276)"; flow:established,from_client; content:"GET"; http_method; content:"/fqb.google|3f|t=apu5vesb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"silicon-moss.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698276/; classtype:trojan-activity;sid:84561376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.51.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698275/; classtype:trojan-activity;sid:84561375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698273)"; flow:established,from_client; content:"GET"; http_method; content:"/pd.check|3f|t=1nlwzv0s"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"soniccobalt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698273/; classtype:trojan-activity;sid:84561373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698274)"; flow:established,from_client; content:"GET"; http_method; content:"/1ffsun8djp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k8x1.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698274/; classtype:trojan-activity;sid:84561374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698272)"; flow:established,from_client; content:"GET"; http_method; content:"/download/b.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"us2.bot-hosting.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698272/; classtype:trojan-activity;sid:84561372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698271/; classtype:trojan-activity;sid:84561371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698269)"; flow:established,from_client; content:"GET"; http_method; content:"/00d953e8e48743ceaa364ca2fec5372d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"62.60.226.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698269/; classtype:trojan-activity;sid:84561369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698270)"; flow:established,from_client; content:"GET"; http_method; content:"/f48224f1b2d34770a71e9fac3f52b91e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"62.60.226.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698270/; classtype:trojan-activity;sid:84561370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698268)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"54654.alphacinder.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698268/; classtype:trojan-activity;sid:84561368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.114.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698267/; classtype:trojan-activity;sid:84561367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698265)"; flow:established,from_client; content:"GET"; http_method; content:"/vd3mt452"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"soniccobalt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698265/; classtype:trojan-activity;sid:84561365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698266)"; flow:established,from_client; content:"GET"; http_method; content:"/id69a0kw35.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"orbitkrone.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698266/; classtype:trojan-activity;sid:84561366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698264/; classtype:trojan-activity;sid:84561364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698263/; classtype:trojan-activity;sid:84561363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.137.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698261/; classtype:trojan-activity;sid:84561361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698262)"; flow:established,from_client; content:"GET"; http_method; content:"/vm8m4qt5vj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k8x1.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698262/; classtype:trojan-activity;sid:84561362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698260)"; flow:established,from_client; content:"GET"; http_method; content:"/fw.check|3f|t=uthiuapp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lotioniron.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698260/; classtype:trojan-activity;sid:84561360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698258/; classtype:trojan-activity;sid:84561358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698259)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8455735771/2tva1kd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698259/; classtype:trojan-activity;sid:84561359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.69.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698257/; classtype:trojan-activity;sid:84561357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.246.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698256/; classtype:trojan-activity;sid:84561356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698255)"; flow:established,from_client; content:"GET"; http_method; content:"/qbxg5wb9ct.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"driftfels.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698255/; classtype:trojan-activity;sid:84561355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698254)"; flow:established,from_client; content:"GET"; http_method; content:"/6iwogh1v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"siliconmoss.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698254/; classtype:trojan-activity;sid:84561354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698253/; classtype:trojan-activity;sid:84561353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.170.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698252/; classtype:trojan-activity;sid:84561352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.114.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698251/; classtype:trojan-activity;sid:84561351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698250)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/hwj1dzo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698250/; classtype:trojan-activity;sid:84561350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.19.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698249/; classtype:trojan-activity;sid:84561349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.241.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698248/; classtype:trojan-activity;sid:84561348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698247)"; flow:established,from_client; content:"GET"; http_method; content:"/b3zhv5mw27.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r0b3.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698247/; classtype:trojan-activity;sid:84561347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698246)"; flow:established,from_client; content:"GET"; http_method; content:"/a1.google|3f|t=bpcdt38r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pixel-orbit.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698246/; classtype:trojan-activity;sid:84561346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.163.25.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698245/; classtype:trojan-activity;sid:84561345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.65.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698244/; classtype:trojan-activity;sid:84561344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.114.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698243/; classtype:trojan-activity;sid:84561343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698242)"; flow:established,from_client; content:"GET"; http_method; content:"/vlb3lazm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"solarviolet.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698242/; classtype:trojan-activity;sid:84561342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698241)"; flow:established,from_client; content:"GET"; http_method; content:"/mvsl3vrjw1.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"swiftfluss.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698241/; classtype:trojan-activity;sid:84561341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698240/; classtype:trojan-activity;sid:84561340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698239)"; flow:established,from_client; content:"GET"; http_method; content:"/vuh.google|3f|t=7oamh19r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pixelorbit.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698239/; classtype:trojan-activity;sid:84561339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698238)"; flow:established,from_client; content:"GET"; http_method; content:"/uhdmsv98gv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l2f7.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698238/; classtype:trojan-activity;sid:84561338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698237)"; flow:established,from_client; content:"GET"; http_method; content:"/unh3q64kdo.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"swiftfluss.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698237/; classtype:trojan-activity;sid:84561337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698236)"; flow:established,from_client; content:"GET"; http_method; content:"/d4z0erh0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pixelorbit.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698236/; classtype:trojan-activity;sid:84561336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.246.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698235/; classtype:trojan-activity;sid:84561335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.117.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698234/; classtype:trojan-activity;sid:84561334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.250.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698233/; classtype:trojan-activity;sid:84561333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.43.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698232/; classtype:trojan-activity;sid:84561332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.156.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698230/; classtype:trojan-activity;sid:84561330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.46.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698231/; classtype:trojan-activity;sid:84561331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.212.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698229/; classtype:trojan-activity;sid:84561329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698228/; classtype:trojan-activity;sid:84561328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.104.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698227/; classtype:trojan-activity;sid:84561327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.241.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698225/; classtype:trojan-activity;sid:84561325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.19.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698226/; classtype:trojan-activity;sid:84561326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698224)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8455735771/upt37rc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698224/; classtype:trojan-activity;sid:84561324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698223)"; flow:established,from_client; content:"GET"; http_method; content:"/uzjcgpa65s.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"meteorsegel.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698223/; classtype:trojan-activity;sid:84561323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698222)"; flow:established,from_client; content:"GET"; http_method; content:"/r4hxgqnm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"alphacinder.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698222/; classtype:trojan-activity;sid:84561322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.56.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698221/; classtype:trojan-activity;sid:84561321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698220)"; flow:established,from_client; content:"GET"; http_method; content:"/rk5emxovx6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l2f7.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698220/; classtype:trojan-activity;sid:84561320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698219)"; flow:established,from_client; content:"GET"; http_method; content:"/j8w.check|3f|t=dykb8cd2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"alphacinder.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698219/; classtype:trojan-activity;sid:84561319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.169.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698218/; classtype:trojan-activity;sid:84561318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.58.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698217/; classtype:trojan-activity;sid:84561317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.43.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698216/; classtype:trojan-activity;sid:84561316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.123.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698214/; classtype:trojan-activity;sid:84561314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.116.176.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698215/; classtype:trojan-activity;sid:84561315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.11.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698213/; classtype:trojan-activity;sid:84561313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698211/; classtype:trojan-activity;sid:84561311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.69.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698212/; classtype:trojan-activity;sid:84561312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.156.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698210/; classtype:trojan-activity;sid:84561310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698209/; classtype:trojan-activity;sid:84561309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.117.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698208/; classtype:trojan-activity;sid:84561308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698207)"; flow:established,from_client; content:"GET"; http_method; content:"/lsmlh71t4c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p9c.starmarkt.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698207/; classtype:trojan-activity;sid:84561307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698206)"; flow:established,from_client; content:"GET"; http_method; content:"/cw.check|3f|t=nau2ewwu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ix.n0vaharbor.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698206/; classtype:trojan-activity;sid:84561306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.56.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698205/; classtype:trojan-activity;sid:84561305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.116.176.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698204/; classtype:trojan-activity;sid:84561304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698203)"; flow:established,from_client; content:"GET"; http_method; content:"/8z0.check|3f|t=slj10ihz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5d.n0vaharbor.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698203/; classtype:trojan-activity;sid:84561303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698202)"; flow:established,from_client; content:"GET"; http_method; content:"/g5z45dxy9w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a6v1.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698202/; classtype:trojan-activity;sid:84561302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.11.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698201/; classtype:trojan-activity;sid:84561301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698200)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"smilesmash.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698200/; classtype:trojan-activity;sid:84561300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698199)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=7s2iin8x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5kch.n0vaharbor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698199/; classtype:trojan-activity;sid:84561299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698198)"; flow:established,from_client; content:"GET"; http_method; content:"/u4kxftrjsq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a6v1.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698198/; classtype:trojan-activity;sid:84561298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.49.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698197/; classtype:trojan-activity;sid:84561297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698196/; classtype:trojan-activity;sid:84561296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.104.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698195/; classtype:trojan-activity;sid:84561295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.134.254.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698194/; classtype:trojan-activity;sid:84561294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.104.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698193/; classtype:trojan-activity;sid:84561293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.145.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698191/; classtype:trojan-activity;sid:84561291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.198.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698192/; classtype:trojan-activity;sid:84561292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.192.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698190/; classtype:trojan-activity;sid:84561290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.229.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698188/; classtype:trojan-activity;sid:84561288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.45.232.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698189/; classtype:trojan-activity;sid:84561289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.215.166.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698185/; classtype:trojan-activity;sid:84561285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698186/; classtype:trojan-activity;sid:84561286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.4.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698187/; classtype:trojan-activity;sid:84561287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.145.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698184/; classtype:trojan-activity;sid:84561284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698183)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698183/; classtype:trojan-activity;sid:84561283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698181)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698181/; classtype:trojan-activity;sid:84561281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698182)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698182/; classtype:trojan-activity;sid:84561282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.182.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698180/; classtype:trojan-activity;sid:84561280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698178)"; flow:established,from_client; content:"GET"; http_method; content:"/duck/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698178/; classtype:trojan-activity;sid:84561278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698179/; classtype:trojan-activity;sid:84561279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698177)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698177/; classtype:trojan-activity;sid:84561277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698175)"; flow:established,from_client; content:"GET"; http_method; content:"/duck/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698175/; classtype:trojan-activity;sid:84561275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698176)"; flow:established,from_client; content:"GET"; http_method; content:"/duck/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698176/; classtype:trojan-activity;sid:84561276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.165.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698174/; classtype:trojan-activity;sid:84561274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698173)"; flow:established,from_client; content:"GET"; http_method; content:"/jw.google|3f|t=r0goww5w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d7x.ember-grove.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698173/; classtype:trojan-activity;sid:84561273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698172/; classtype:trojan-activity;sid:84561272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.187.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698171/; classtype:trojan-activity;sid:84561271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698170/; classtype:trojan-activity;sid:84561270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698169)"; flow:established,from_client; content:"GET"; http_method; content:"/uex3qczcih.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"flintwiese.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698169/; classtype:trojan-activity;sid:84561269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698168)"; flow:established,from_client; content:"GET"; http_method; content:"/q49jv7fl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"quartzraven.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698168/; classtype:trojan-activity;sid:84561268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698167)"; flow:established,from_client; content:"GET"; http_method; content:"/fq2xkkxe4d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h8s2.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698167/; classtype:trojan-activity;sid:84561267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698166)"; flow:established,from_client; content:"GET"; http_method; content:"/4y.check|3f|t=bdvdwga9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"quartzraven.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698166/; classtype:trojan-activity;sid:84561266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698165)"; flow:established,from_client; content:"GET"; http_method; content:"/w1pp/r503749j637r01.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698165/; classtype:trojan-activity;sid:84561265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698164)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb3wsf/7/8/9/uju.wsf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698164/; classtype:trojan-activity;sid:84561264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698161)"; flow:established,from_client; content:"GET"; http_method; content:"/wya/r537js829031.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698161/; classtype:trojan-activity;sid:84561261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698162)"; flow:established,from_client; content:"GET"; http_method; content:"/rup/re-5704937421.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698162/; classtype:trojan-activity;sid:84561262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698163)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/1/2/3/tyma.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698163/; classtype:trojan-activity;sid:84561263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698160)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/tyma.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698160/; classtype:trojan-activity;sid:84561260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698159)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb2wsf/4/5/6/kola.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698159/; classtype:trojan-activity;sid:84561259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698158/; classtype:trojan-activity;sid:84561258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.209.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698157/; classtype:trojan-activity;sid:84561257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698156)"; flow:established,from_client; content:"GET"; http_method; content:"/5xwuuqb12q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h8s2.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698156/; classtype:trojan-activity;sid:84561256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698155)"; flow:established,from_client; content:"GET"; http_method; content:"/xa5.google|3f|t=zsws1rxi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pixe1tu1ip.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698155/; classtype:trojan-activity;sid:84561255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.165.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698154/; classtype:trojan-activity;sid:84561254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.233.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698152/; classtype:trojan-activity;sid:84561252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.136.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698153/; classtype:trojan-activity;sid:84561253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698151)"; flow:established,from_client; content:"GET"; http_method; content:"/mxwj9bfvus.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"thunderforst.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698151/; classtype:trojan-activity;sid:84561251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698150)"; flow:established,from_client; content:"GET"; http_method; content:"/l0yjzezk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"frost-indigo.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698150/; classtype:trojan-activity;sid:84561250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.207.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698149/; classtype:trojan-activity;sid:84561249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698148/; classtype:trojan-activity;sid:84561248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698146)"; flow:established,from_client; content:"GET"; http_method; content:"/lq.check|3f|t=wt5go7sn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"frost-indigo.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698146/; classtype:trojan-activity;sid:84561246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698147)"; flow:established,from_client; content:"GET"; http_method; content:"/mkf0y9xuoy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z5m.brassufer.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698147/; classtype:trojan-activity;sid:84561247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698145/; classtype:trojan-activity;sid:84561245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.233.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698144/; classtype:trojan-activity;sid:84561244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.76.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698143/; classtype:trojan-activity;sid:84561243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698141)"; flow:established,from_client; content:"GET"; http_method; content:"/fva.check|3f|t=jrbezutw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5a.frost-indigo.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698141/; classtype:trojan-activity;sid:84561241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698142)"; flow:established,from_client; content:"GET"; http_method; content:"/eyxwzfphfq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1q4.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698142/; classtype:trojan-activity;sid:84561242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698140/; classtype:trojan-activity;sid:84561240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698139)"; flow:established,from_client; content:"GET"; http_method; content:"/4n9kqox6x4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1q4.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698139/; classtype:trojan-activity;sid:84561239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698138)"; flow:established,from_client; content:"GET"; http_method; content:"/kh.google|3f|t=1kskc828"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"frostindigo.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698138/; classtype:trojan-activity;sid:84561238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698137/; classtype:trojan-activity;sid:84561237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698136/; classtype:trojan-activity;sid:84561236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698135)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698135/; classtype:trojan-activity;sid:84561235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698133)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698133/; classtype:trojan-activity;sid:84561233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698134)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698134/; classtype:trojan-activity;sid:84561234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698130)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698130/; classtype:trojan-activity;sid:84561230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698131)"; flow:established,from_client; content:"GET"; http_method; content:"/807"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"49.232.102.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698131/; classtype:trojan-activity;sid:84561231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698132)"; flow:established,from_client; content:"GET"; http_method; content:"/8065"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"49.232.102.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698132/; classtype:trojan-activity;sid:84561232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698128)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698128/; classtype:trojan-activity;sid:84561228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698129)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.scr"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698129/; classtype:trojan-activity;sid:84561229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698127)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698127/; classtype:trojan-activity;sid:84561227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698126)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"54.185.104.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698126/; classtype:trojan-activity;sid:84561226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698124)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698124/; classtype:trojan-activity;sid:84561224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698125)"; flow:established,from_client; content:"GET"; http_method; content:"/setup_x64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"happymoddl.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698125/; classtype:trojan-activity;sid:84561225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698120)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698120/; classtype:trojan-activity;sid:84561220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698121)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698121/; classtype:trojan-activity;sid:84561221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698122)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698122/; classtype:trojan-activity;sid:84561222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698123)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698123/; classtype:trojan-activity;sid:84561223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698119/; classtype:trojan-activity;sid:84561219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.207.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698118/; classtype:trojan-activity;sid:84561218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698117/; classtype:trojan-activity;sid:84561217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.44.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698116/; classtype:trojan-activity;sid:84561216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.41.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698115/; classtype:trojan-activity;sid:84561215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.246.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698114/; classtype:trojan-activity;sid:84561214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.52.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698113/; classtype:trojan-activity;sid:84561213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.52.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698112/; classtype:trojan-activity;sid:84561212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.57.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698111/; classtype:trojan-activity;sid:84561211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.233.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698110/; classtype:trojan-activity;sid:84561210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698109/; classtype:trojan-activity;sid:84561209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.33.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698108/; classtype:trojan-activity;sid:84561208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.52.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698107/; classtype:trojan-activity;sid:84561207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698105)"; flow:established,from_client; content:"GET"; http_method; content:"/7zb.google|3f|t=9m57w3jb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ve1vet0rchid.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698105/; classtype:trojan-activity;sid:84561205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698106)"; flow:established,from_client; content:"GET"; http_method; content:"/cwcuvpmjkt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e3k9.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698106/; classtype:trojan-activity;sid:84561206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.244.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698103/; classtype:trojan-activity;sid:84561203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.212.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698104/; classtype:trojan-activity;sid:84561204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698102)"; flow:established,from_client; content:"GET"; http_method; content:"/v2.google|3f|t=us99f51r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"et.ve1vet0rchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698102/; classtype:trojan-activity;sid:84561202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698101)"; flow:established,from_client; content:"GET"; http_method; content:"/bb8ebtqh1s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7d.brassufer.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698101/; classtype:trojan-activity;sid:84561201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.134.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698100/; classtype:trojan-activity;sid:84561200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.103.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698099/; classtype:trojan-activity;sid:84561199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698098)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/utls1ti.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698098/; classtype:trojan-activity;sid:84561198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698097)"; flow:established,from_client; content:"GET"; http_method; content:"/x9ow98gpvq.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"copperwerft.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698097/; classtype:trojan-activity;sid:84561197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698096)"; flow:established,from_client; content:"GET"; http_method; content:"/6crhb1mu1p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7d.brassufer.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698096/; classtype:trojan-activity;sid:84561196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698095)"; flow:established,from_client; content:"GET"; http_method; content:"/gj87txty"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bw9.ve1vet0rchid.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698095/; classtype:trojan-activity;sid:84561195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698094)"; flow:established,from_client; content:"GET"; http_method; content:"/xp.google|3f|t=5lsd2kzz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bw9.ve1vet0rchid.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698094/; classtype:trojan-activity;sid:84561194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698093/; classtype:trojan-activity;sid:84561193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.188.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698092/; classtype:trojan-activity;sid:84561192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.41.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698091/; classtype:trojan-activity;sid:84561191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698090)"; flow:established,from_client; content:"GET"; http_method; content:"/ec9q27pkpu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c1t7.ironbucht.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698090/; classtype:trojan-activity;sid:84561190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698089)"; flow:established,from_client; content:"GET"; http_method; content:"/xvt.check|3f|t=vqr0inph"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"maplexenon.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698089/; classtype:trojan-activity;sid:84561189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.82.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698087/; classtype:trojan-activity;sid:84561187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.61.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698088/; classtype:trojan-activity;sid:84561188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.84.134.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698086/; classtype:trojan-activity;sid:84561186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.136.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698085/; classtype:trojan-activity;sid:84561185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.103.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698084/; classtype:trojan-activity;sid:84561184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.134.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698083/; classtype:trojan-activity;sid:84561183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698082)"; flow:established,from_client; content:"GET"; http_method; content:"/e9jom3dw9n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x9l2.ironbucht.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698082/; classtype:trojan-activity;sid:84561182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698081)"; flow:established,from_client; content:"GET"; http_method; content:"/nq.google|3f|t=nrlzem40"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g74n.maplexenon.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698081/; classtype:trojan-activity;sid:84561181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.141.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698080/; classtype:trojan-activity;sid:84561180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698079)"; flow:established,from_client; content:"GET"; http_method; content:"/doc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.219.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698079/; classtype:trojan-activity;sid:84561179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698078)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698078/; classtype:trojan-activity;sid:84561178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698077)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698077/; classtype:trojan-activity;sid:84561177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698075)"; flow:established,from_client; content:"GET"; http_method; content:"/meu/new_ibo_app.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ptiptv.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698075/; classtype:trojan-activity;sid:84561175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698076)"; flow:established,from_client; content:"GET"; http_method; content:"/fishscanner.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fishspike.pro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698076/; classtype:trojan-activity;sid:84561176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698073)"; flow:established,from_client; content:"GET"; http_method; content:"/seuapp/ibo-09-temas-rev.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"brplay.store"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698073/; classtype:trojan-activity;sid:84561173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698074)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/agent188.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"agent188core.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698074/; classtype:trojan-activity;sid:84561174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698072)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/agent188.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"agent188strong.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698072/; classtype:trojan-activity;sid:84561172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698067)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698067/; classtype:trojan-activity;sid:84561167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698068)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/agent188.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"agent188super.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698068/; classtype:trojan-activity;sid:84561168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698069)"; flow:established,from_client; content:"GET"; http_method; content:"/ativos/app.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eurogoles.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698069/; classtype:trojan-activity;sid:84561169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698070)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698070/; classtype:trojan-activity;sid:84561170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/united/united.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hdteam.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698071/; classtype:trojan-activity;sid:84561171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698066)"; flow:established,from_client; content:"GET"; http_method; content:"/images/turna%20battle.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"turnabattle.fun"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698066/; classtype:trojan-activity;sid:84561166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698064)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/video.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698064/; classtype:trojan-activity;sid:84561164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698065)"; flow:established,from_client; content:"GET"; http_method; content:"/cinemafree.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"domenuss.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698065/; classtype:trojan-activity;sid:84561165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698061)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/boboslot_1.0.0.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"boboslotl.cfd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698061/; classtype:trojan-activity;sid:84561161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698062)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698062/; classtype:trojan-activity;sid:84561162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.162.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698063/; classtype:trojan-activity;sid:84561163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698060)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/angkanet.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"angka5.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698060/; classtype:trojan-activity;sid:84561160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698059)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698059/; classtype:trojan-activity;sid:84561159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698056)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698056/; classtype:trojan-activity;sid:84561156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698057)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698057/; classtype:trojan-activity;sid:84561157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698058)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698058/; classtype:trojan-activity;sid:84561158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698053)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/video.scr"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698053/; classtype:trojan-activity;sid:84561153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698054)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/av.scr"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698054/; classtype:trojan-activity;sid:84561154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698055)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/video.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698055/; classtype:trojan-activity;sid:84561155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698049)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/av.scr"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698049/; classtype:trojan-activity;sid:84561149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698050)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/video.scr"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698050/; classtype:trojan-activity;sid:84561150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698051)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/av.scr"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698051/; classtype:trojan-activity;sid:84561151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698052)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/av.scr"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698052/; classtype:trojan-activity;sid:84561152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.35.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698048/; classtype:trojan-activity;sid:84561148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.61.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698047/; classtype:trojan-activity;sid:84561147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698046)"; flow:established,from_client; content:"GET"; http_method; content:"/ip12u6i7d0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x9l2.ironbucht.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698046/; classtype:trojan-activity;sid:84561146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698045)"; flow:established,from_client; content:"GET"; http_method; content:"/t77.check|3f|t=148h96kj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kmg.maplexenon.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698045/; classtype:trojan-activity;sid:84561145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.82.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698044/; classtype:trojan-activity;sid:84561144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698043)"; flow:established,from_client; content:"GET"; http_method; content:"/tf.google|3f|t=71w8dx4g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1hx8.maplexenon.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698043/; classtype:trojan-activity;sid:84561143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698042)"; flow:established,from_client; content:"GET"; http_method; content:"/0xjpyl5ktr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f5q.ironbucht.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698042/; classtype:trojan-activity;sid:84561142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.154.80.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698041/; classtype:trojan-activity;sid:84561141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698040)"; flow:established,from_client; content:"GET"; http_method; content:"/jm.check|3f|t=hhyyb7mz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sz.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698040/; classtype:trojan-activity;sid:84561140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698039)"; flow:established,from_client; content:"GET"; http_method; content:"/b0nj8xgyql.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f5q.ironbucht.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698039/; classtype:trojan-activity;sid:84561139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698038)"; flow:established,from_client; content:"GET"; http_method; content:"/wb.check|3f|t=nyt1mdnw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xt83.maplexenon.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698038/; classtype:trojan-activity;sid:84561138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698037)"; flow:established,from_client; content:"GET"; http_method; content:"/mo6pg58jnk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d7w2.zephyrsteg.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698037/; classtype:trojan-activity;sid:84561137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698036)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698036/; classtype:trojan-activity;sid:84561136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.154.80.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698035/; classtype:trojan-activity;sid:84561135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698034)"; flow:established,from_client; content:"GET"; http_method; content:"/06ag7gycui.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d7w2.zephyrsteg.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698034/; classtype:trojan-activity;sid:84561134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698033)"; flow:established,from_client; content:"GET"; http_method; content:"/yeacfxl3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5m.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698033/; classtype:trojan-activity;sid:84561133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698032)"; flow:established,from_client; content:"GET"; http_method; content:"/llsymdvdc9.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"j4va.frosthain.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698032/; classtype:trojan-activity;sid:84561132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698031)"; flow:established,from_client; content:"GET"; http_method; content:"/um.google|3f|t=rrf377v4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5m.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698031/; classtype:trojan-activity;sid:84561131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.0.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698030/; classtype:trojan-activity;sid:84561130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698029)"; flow:established,from_client; content:"GET"; http_method; content:"/bckomavjxl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s0r.zephyrsteg.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698029/; classtype:trojan-activity;sid:84561129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698028)"; flow:established,from_client; content:"GET"; http_method; content:"/um.google|3f|t=9dmg8i96"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5m.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698028/; classtype:trojan-activity;sid:84561128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698027)"; flow:established,from_client; content:"GET"; http_method; content:"/7z8v5tqy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5m.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698027/; classtype:trojan-activity;sid:84561127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.81.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698026/; classtype:trojan-activity;sid:84561126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698025)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.182.160.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698025/; classtype:trojan-activity;sid:84561125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.254.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698024/; classtype:trojan-activity;sid:84561124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.101.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698023/; classtype:trojan-activity;sid:84561123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698022/; classtype:trojan-activity;sid:84561122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698021)"; flow:established,from_client; content:"GET"; http_method; content:"/s6.check|3f|t=npuxlp7k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"8w.amberr0cket.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698021/; classtype:trojan-activity;sid:84561121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698020)"; flow:established,from_client; content:"GET"; http_method; content:"/citzn0zvyz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m3t9.zephyrsteg.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698020/; classtype:trojan-activity;sid:84561120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698019)"; flow:established,from_client; content:"GET"; http_method; content:"/es4jeiaq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m1r3.amberr0cket.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698019/; classtype:trojan-activity;sid:84561119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698017)"; flow:established,from_client; content:"GET"; http_method; content:"/xut.check|3f|t=regkctkm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m1r3.amberr0cket.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698017/; classtype:trojan-activity;sid:84561117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698018)"; flow:established,from_client; content:"GET"; http_method; content:"/qcruln928k.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"xse3.frosthain.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698018/; classtype:trojan-activity;sid:84561118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698016)"; flow:established,from_client; content:"GET"; http_method; content:"/6isc77492s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kp6.zephyrsteg.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698016/; classtype:trojan-activity;sid:84561116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698015)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.check|3f|t=el7dr95m"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2d63.amberr0cket.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698015/; classtype:trojan-activity;sid:84561115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.195.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698014/; classtype:trojan-activity;sid:84561114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698013/; classtype:trojan-activity;sid:84561113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.43.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698012/; classtype:trojan-activity;sid:84561112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698011)"; flow:established,from_client; content:"GET"; http_method; content:"/dxzxy8v3gj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kp6.zephyrsteg.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698011/; classtype:trojan-activity;sid:84561111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698010)"; flow:established,from_client; content:"GET"; http_method; content:"/11.google|3f|t=4kni5ggw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oa.amberr0cket.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698010/; classtype:trojan-activity;sid:84561110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698009)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xx8.alphacinder.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698009/; classtype:trojan-activity;sid:84561109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.120.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698008/; classtype:trojan-activity;sid:84561108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698007/; classtype:trojan-activity;sid:84561107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.102.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698006/; classtype:trojan-activity;sid:84561106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.196.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698005/; classtype:trojan-activity;sid:84561105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698004/; classtype:trojan-activity;sid:84561104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.0.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698003/; classtype:trojan-activity;sid:84561103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698002)"; flow:established,from_client; content:"GET"; http_method; content:"/5kr82br9ux.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v4n1.zephyrsteg.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698002/; classtype:trojan-activity;sid:84561102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698001)"; flow:established,from_client; content:"GET"; http_method; content:"/7nq.check|3f|t=yj99qpax"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f8s.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698001/; classtype:trojan-activity;sid:84561101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698000)"; flow:established,from_client; content:"GET"; http_method; content:"/62lf02rwk9.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"m7rd.frosthain.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698000/; classtype:trojan-activity;sid:84561100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697999)"; flow:established,from_client; content:"GET"; http_method; content:"/lw0s5h3y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f8s.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697999/; classtype:trojan-activity;sid:84561099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.93.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697998/; classtype:trojan-activity;sid:84561098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.123.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697997/; classtype:trojan-activity;sid:84561097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697996)"; flow:established,from_client; content:"GET"; http_method; content:"/zflk1muw1f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y8c.zephyrsteg.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697996/; classtype:trojan-activity;sid:84561096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697995)"; flow:established,from_client; content:"GET"; http_method; content:"/3b.google|3f|t=pwrzr6f6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u3k.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697995/; classtype:trojan-activity;sid:84561095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.107.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697994/; classtype:trojan-activity;sid:84561094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.195.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697993/; classtype:trojan-activity;sid:84561093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697992)"; flow:established,from_client; content:"GET"; http_method; content:"/s665d6ziul.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a9x.frosthain.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697992/; classtype:trojan-activity;sid:84561092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697991)"; flow:established,from_client; content:"GET"; http_method; content:"/q2bi0emx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"u3k.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697991/; classtype:trojan-activity;sid:84561091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.187.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697990/; classtype:trojan-activity;sid:84561090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.102.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697989/; classtype:trojan-activity;sid:84561089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697987)"; flow:established,from_client; content:"GET"; http_method; content:"/zq.google|3f|t=mszzbx9l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zm4.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697987/; classtype:trojan-activity;sid:84561087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697988)"; flow:established,from_client; content:"GET"; http_method; content:"/y6r5y1afio.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h0f8.solarfracht.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697988/; classtype:trojan-activity;sid:84561088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.196.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697986/; classtype:trojan-activity;sid:84561086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.232.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697984/; classtype:trojan-activity;sid:84561084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697985/; classtype:trojan-activity;sid:84561085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.107.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697983/; classtype:trojan-activity;sid:84561083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697982/; classtype:trojan-activity;sid:84561082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697980)"; flow:established,from_client; content:"GET"; http_method; content:"/dvzbccietd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2l.solarfracht.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697980/; classtype:trojan-activity;sid:84561080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697981)"; flow:established,from_client; content:"GET"; http_method; content:"/9ti.check|3f|t=mftl1raw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yzc.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697981/; classtype:trojan-activity;sid:84561081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.17.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697979/; classtype:trojan-activity;sid:84561079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697977/; classtype:trojan-activity;sid:84561077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697978/; classtype:trojan-activity;sid:84561078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697975)"; flow:established,from_client; content:"GET"; http_method; content:"/0o.google|3f|t=nttnubbb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2n.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697975/; classtype:trojan-activity;sid:84561075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697976)"; flow:established,from_client; content:"GET"; http_method; content:"/3wt6ak75jh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1x3.solarfracht.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697976/; classtype:trojan-activity;sid:84561076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697974/; classtype:trojan-activity;sid:84561074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697972)"; flow:established,from_client; content:"GET"; http_method; content:"/5fy.check|3f|t=vp18lxl6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u3zc.dr1ftpanda.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697972/; classtype:trojan-activity;sid:84561072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697973)"; flow:established,from_client; content:"GET"; http_method; content:"/ox6zcomtyx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk7.solarfracht.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697973/; classtype:trojan-activity;sid:84561073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.144.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697971/; classtype:trojan-activity;sid:84561071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697970)"; flow:established,from_client; content:"GET"; http_method; content:"/f128pz6jbw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk7.solarfracht.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697970/; classtype:trojan-activity;sid:84561070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697969)"; flow:established,from_client; content:"GET"; http_method; content:"/h6.google|3f|t=6h6mzijz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"we.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697969/; classtype:trojan-activity;sid:84561069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.187.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697968/; classtype:trojan-activity;sid:84561068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.192.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697967/; classtype:trojan-activity;sid:84561067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697966)"; flow:established,from_client; content:"GET"; http_method; content:"/e80qblgulc.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"y6kb.l3rc-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697966/; classtype:trojan-activity;sid:84561066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697965)"; flow:established,from_client; content:"GET"; http_method; content:"/35mtw433"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"we.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697965/; classtype:trojan-activity;sid:84561065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.62.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697964/; classtype:trojan-activity;sid:84561064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697962)"; flow:established,from_client; content:"GET"; http_method; content:"/sc6.google|3f|t=24qz839z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hbo8.dr1ftpanda.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697962/; classtype:trojan-activity;sid:84561062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697963)"; flow:established,from_client; content:"GET"; http_method; content:"/sxo5cjxuro.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t9m2.solarfracht.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697963/; classtype:trojan-activity;sid:84561063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697961)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/jfp2zjq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697961/; classtype:trojan-activity;sid:84561061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.46.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697957/; classtype:trojan-activity;sid:84561057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.122.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697958/; classtype:trojan-activity;sid:84561058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.123.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697959/; classtype:trojan-activity;sid:84561059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.76.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697960/; classtype:trojan-activity;sid:84561060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.230.141.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697952/; classtype:trojan-activity;sid:84561052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697953/; classtype:trojan-activity;sid:84561053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697954/; classtype:trojan-activity;sid:84561054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697955/; classtype:trojan-activity;sid:84561055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.171.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697956/; classtype:trojan-activity;sid:84561056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697951/; classtype:trojan-activity;sid:84561051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.253.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697950/; classtype:trojan-activity;sid:84561050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.66.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697949/; classtype:trojan-activity;sid:84561049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697948/; classtype:trojan-activity;sid:84561048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.44.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697947/; classtype:trojan-activity;sid:84561047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697946)"; flow:established,from_client; content:"GET"; http_method; content:"/tk61jrv31g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4v.solarfracht.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697946/; classtype:trojan-activity;sid:84561046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697945)"; flow:established,from_client; content:"GET"; http_method; content:"/w5u.google|3f|t=dit6qxfs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vo5.dr1ftpanda.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697945/; classtype:trojan-activity;sid:84561045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697944)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697944/; classtype:trojan-activity;sid:84561044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697941)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697941/; classtype:trojan-activity;sid:84561041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697942)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697942/; classtype:trojan-activity;sid:84561042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697943)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697943/; classtype:trojan-activity;sid:84561043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697940)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697940/; classtype:trojan-activity;sid:84561040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697939/; classtype:trojan-activity;sid:84561039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697938)"; flow:established,from_client; content:"GET"; http_method; content:"/8jxy11r5gg.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"p3wz1.l3rc-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697938/; classtype:trojan-activity;sid:84561038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697937)"; flow:established,from_client; content:"GET"; http_method; content:"/rm59mst3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sj.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697937/; classtype:trojan-activity;sid:84561037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.47.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697936/; classtype:trojan-activity;sid:84561036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.192.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697935/; classtype:trojan-activity;sid:84561035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.235.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697934/; classtype:trojan-activity;sid:84561034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697933)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697933/; classtype:trojan-activity;sid:84561033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697932)"; flow:established,from_client; content:"GET"; http_method; content:"/t6zimgt461.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"7.kzg-w-4-y.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697932/; classtype:trojan-activity;sid:84561032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.5.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697931/; classtype:trojan-activity;sid:84561031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697930)"; flow:established,from_client; content:"GET"; http_method; content:"/ura.check|3f|t=sbqm5pj2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sj.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697930/; classtype:trojan-activity;sid:84561030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.66.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697929/; classtype:trojan-activity;sid:84561029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.51.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697928/; classtype:trojan-activity;sid:84561028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697927)"; flow:established,from_client; content:"GET"; http_method; content:"/oct27mainrq.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scientists-protection-tiny-musician.trycloudflare.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697927/; classtype:trojan-activity;sid:84561027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697926)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01x86_ayoo.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"scientists-protection-tiny-musician.trycloudflare.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697926/; classtype:trojan-activity;sid:84561026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697925)"; flow:established,from_client; content:"GET"; http_method; content:"/oct27starqq.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scientists-protection-tiny-musician.trycloudflare.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697925/; classtype:trojan-activity;sid:84561025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697924)"; flow:established,from_client; content:"GET"; http_method; content:"/oct27sfsa.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"scientists-protection-tiny-musician.trycloudflare.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697924/; classtype:trojan-activity;sid:84561024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697923)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"alpina.alphacinder.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697923/; classtype:trojan-activity;sid:84561023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.253.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697922/; classtype:trojan-activity;sid:84561022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697921)"; flow:established,from_client; content:"GET"; http_method; content:"/zue6w6a18g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2.kzg-w-4-y.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697921/; classtype:trojan-activity;sid:84561021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697920)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=m2osw2qr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"g5.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697920/; classtype:trojan-activity;sid:84561020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697919)"; flow:established,from_client; content:"GET"; http_method; content:"/jp79bmrd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g5.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697919/; classtype:trojan-activity;sid:84561019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697918/; classtype:trojan-activity;sid:84561018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697917)"; flow:established,from_client; content:"GET"; http_method; content:"/7t3rarzip8.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a9hm.l3rc-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697917/; classtype:trojan-activity;sid:84561017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697916)"; flow:established,from_client; content:"GET"; http_method; content:"/177/fjhjhsdfixcvsihfisidfwfbnnfsdhfjhicxcxhvifhsidfihdfihsdifisfisidfisficx.hta"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"23.95.243.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697916/; classtype:trojan-activity;sid:84561016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697915)"; flow:established,from_client; content:"GET"; http_method; content:"/xa0.check|3f|t=q3tu98oq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e5.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697915/; classtype:trojan-activity;sid:84561015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697914)"; flow:established,from_client; content:"GET"; http_method; content:"/s3bavcir0a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2.kzg-w-4-y.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697914/; classtype:trojan-activity;sid:84561014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697913/; classtype:trojan-activity;sid:84561013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697912)"; flow:established,from_client; content:"GET"; http_method; content:"/pjj0hd1eiz.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"v4q7p.l3rc-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697912/; classtype:trojan-activity;sid:84561012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697911)"; flow:established,from_client; content:"GET"; http_method; content:"/cetimurt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e5.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697911/; classtype:trojan-activity;sid:84561011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697910)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697910/; classtype:trojan-activity;sid:84561010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697909)"; flow:established,from_client; content:"GET"; http_method; content:"/i24.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697909/; classtype:trojan-activity;sid:84561009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697908)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697908/; classtype:trojan-activity;sid:84561008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697907)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697907/; classtype:trojan-activity;sid:84561007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697906)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697906/; classtype:trojan-activity;sid:84561006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697904)"; flow:established,from_client; content:"GET"; http_method; content:"/0.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697904/; classtype:trojan-activity;sid:84561004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697905)"; flow:established,from_client; content:"GET"; http_method; content:"/xwormclient.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697905/; classtype:trojan-activity;sid:84561005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697903)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.77.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697903/; classtype:trojan-activity;sid:84561003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697898)"; flow:established,from_client; content:"GET"; http_method; content:"/qax.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"43.139.226.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697898/; classtype:trojan-activity;sid:84560998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697899)"; flow:established,from_client; content:"GET"; http_method; content:"/rabert.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.180.49.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697899/; classtype:trojan-activity;sid:84560999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697900)"; flow:established,from_client; content:"GET"; http_method; content:"/2.msi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"194.165.17.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697900/; classtype:trojan-activity;sid:84561000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697901)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697901/; classtype:trojan-activity;sid:84561001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697902)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.215.85.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697902/; classtype:trojan-activity;sid:84561002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697889)"; flow:established,from_client; content:"GET"; http_method; content:"/docx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697889/; classtype:trojan-activity;sid:84560989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697890)"; flow:established,from_client; content:"GET"; http_method; content:"/share.zip.bak2"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697890/; classtype:trojan-activity;sid:84560990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697891)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/docx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697891/; classtype:trojan-activity;sid:84560991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697892)"; flow:established,from_client; content:"GET"; http_method; content:"/uuu.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.165.17.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697892/; classtype:trojan-activity;sid:84560992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697893)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697893/; classtype:trojan-activity;sid:84560993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697894)"; flow:established,from_client; content:"GET"; http_method; content:"/0.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697894/; classtype:trojan-activity;sid:84560994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697895)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697895/; classtype:trojan-activity;sid:84560995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697896)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697896/; classtype:trojan-activity;sid:84560996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697897)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697897/; classtype:trojan-activity;sid:84560997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697879/; classtype:trojan-activity;sid:84560979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697880)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697880/; classtype:trojan-activity;sid:84560980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697881)"; flow:established,from_client; content:"GET"; http_method; content:"/window.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697881/; classtype:trojan-activity;sid:84560981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697882)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697882/; classtype:trojan-activity;sid:84560982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697883)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode/shellcode.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697883/; classtype:trojan-activity;sid:84560983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697884)"; flow:established,from_client; content:"GET"; http_method; content:"/meitu.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697884/; classtype:trojan-activity;sid:84560984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697885)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697885/; classtype:trojan-activity;sid:84560985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697886)"; flow:established,from_client; content:"GET"; http_method; content:"/xwormclient.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697886/; classtype:trojan-activity;sid:84560986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697887)"; flow:established,from_client; content:"GET"; http_method; content:"/2.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697887/; classtype:trojan-activity;sid:84560987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697888)"; flow:established,from_client; content:"GET"; http_method; content:"/share.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697888/; classtype:trojan-activity;sid:84560988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697871)"; flow:established,from_client; content:"GET"; http_method; content:"/vip.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697871/; classtype:trojan-activity;sid:84560971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697872)"; flow:established,from_client; content:"GET"; http_method; content:"/2.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697872/; classtype:trojan-activity;sid:84560972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697873)"; flow:established,from_client; content:"GET"; http_method; content:"/1.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697873/; classtype:trojan-activity;sid:84560973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697874)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.py"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697874/; classtype:trojan-activity;sid:84560974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697875)"; flow:established,from_client; content:"GET"; http_method; content:"/2222.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697875/; classtype:trojan-activity;sid:84560975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697876)"; flow:established,from_client; content:"GET"; http_method; content:"/2.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697876/; classtype:trojan-activity;sid:84560976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697877)"; flow:established,from_client; content:"GET"; http_method; content:"/2222.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697877/; classtype:trojan-activity;sid:84560977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697878)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697878/; classtype:trojan-activity;sid:84560978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697870)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697870/; classtype:trojan-activity;sid:84560970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697868)"; flow:established,from_client; content:"GET"; http_method; content:"/test.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697868/; classtype:trojan-activity;sid:84560968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697869)"; flow:established,from_client; content:"GET"; http_method; content:"/mysqla.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"137.220.176.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697869/; classtype:trojan-activity;sid:84560969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697866)"; flow:established,from_client; content:"GET"; http_method; content:"/eznote.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697866/; classtype:trojan-activity;sid:84560966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697867)"; flow:established,from_client; content:"GET"; http_method; content:"/putong.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697867/; classtype:trojan-activity;sid:84560967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697865)"; flow:established,from_client; content:"GET"; http_method; content:"/simple-backdoor.php"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"51.77.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697865/; classtype:trojan-activity;sid:84560965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697863)"; flow:established,from_client; content:"GET"; http_method; content:"/exec.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.77.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697863/; classtype:trojan-activity;sid:84560963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697864)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.77.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697864/; classtype:trojan-activity;sid:84560964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697862)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.141.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697862/; classtype:trojan-activity;sid:84560962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697861)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697861/; classtype:trojan-activity;sid:84560961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697859)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697859/; classtype:trojan-activity;sid:84560959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697860)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697860/; classtype:trojan-activity;sid:84560960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697858/; classtype:trojan-activity;sid:84560958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697856)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697856/; classtype:trojan-activity;sid:84560956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697857/; classtype:trojan-activity;sid:84560957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697855)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697855/; classtype:trojan-activity;sid:84560955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697852)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697852/; classtype:trojan-activity;sid:84560952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697853)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.79.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697853/; classtype:trojan-activity;sid:84560953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697854)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.127.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697854/; classtype:trojan-activity;sid:84560954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697851/; classtype:trojan-activity;sid:84560951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697850)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697850/; classtype:trojan-activity;sid:84560950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697848)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.171.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697848/; classtype:trojan-activity;sid:84560948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697849)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697849/; classtype:trojan-activity;sid:84560949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697846)"; flow:established,from_client; content:"GET"; http_method; content:"/bound_app.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697846/; classtype:trojan-activity;sid:84560946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697847)"; flow:established,from_client; content:"GET"; http_method; content:"/chevapchichi.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"199.217.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697847/; classtype:trojan-activity;sid:84560947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697844)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697844/; classtype:trojan-activity;sid:84560944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697845)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697845/; classtype:trojan-activity;sid:84560945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697843/; classtype:trojan-activity;sid:84560943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.211.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697837/; classtype:trojan-activity;sid:84560937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697838)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697838/; classtype:trojan-activity;sid:84560938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697839)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697839/; classtype:trojan-activity;sid:84560939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697840)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.148.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697840/; classtype:trojan-activity;sid:84560940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697841)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697841/; classtype:trojan-activity;sid:84560941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697842/; classtype:trojan-activity;sid:84560942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697835)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.77.244.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697835/; classtype:trojan-activity;sid:84560935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697836)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.77.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697836/; classtype:trojan-activity;sid:84560936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697834)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.158.139.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697834/; classtype:trojan-activity;sid:84560934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697830)"; flow:established,from_client; content:"GET"; http_method; content:"/sbi.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697830/; classtype:trojan-activity;sid:84560930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697831)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697831/; classtype:trojan-activity;sid:84560931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697832)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697832/; classtype:trojan-activity;sid:84560932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697833)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697833/; classtype:trojan-activity;sid:84560933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697829)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.195.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697829/; classtype:trojan-activity;sid:84560929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697828)"; flow:established,from_client; content:"GET"; http_method; content:"/mysqla.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"137.220.176.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697828/; classtype:trojan-activity;sid:84560928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.249.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697823/; classtype:trojan-activity;sid:84560923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697824)"; flow:established,from_client; content:"GET"; http_method; content:"/pop/tor.wsf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hardware-added-mba-night.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697824/; classtype:trojan-activity;sid:84560924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697825)"; flow:established,from_client; content:"GET"; http_method; content:"/hero.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.217.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697825/; classtype:trojan-activity;sid:84560925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697826/; classtype:trojan-activity;sid:84560926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.47.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697827/; classtype:trojan-activity;sid:84560927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.141.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697821/; classtype:trojan-activity;sid:84560921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.178.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697822/; classtype:trojan-activity;sid:84560922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697818)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697818/; classtype:trojan-activity;sid:84560918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697819)"; flow:established,from_client; content:"GET"; http_method; content:"/svekla.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"199.217.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697819/; classtype:trojan-activity;sid:84560919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697820)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697820/; classtype:trojan-activity;sid:84560920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697817)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697817/; classtype:trojan-activity;sid:84560917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697812/; classtype:trojan-activity;sid:84560912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697813)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697813/; classtype:trojan-activity;sid:84560913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697814)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=x6lwhu4j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697814/; classtype:trojan-activity;sid:84560914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697815)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.80.195.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697815/; classtype:trojan-activity;sid:84560915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697816)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697816/; classtype:trojan-activity;sid:84560916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697808)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697808/; classtype:trojan-activity;sid:84560908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697809)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697809/; classtype:trojan-activity;sid:84560909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697810)"; flow:established,from_client; content:"GET"; http_method; content:"/calculator.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697810/; classtype:trojan-activity;sid:84560910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697811)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697811/; classtype:trojan-activity;sid:84560911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697800)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697800/; classtype:trojan-activity;sid:84560900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697801)"; flow:established,from_client; content:"GET"; http_method; content:"/update.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697801/; classtype:trojan-activity;sid:84560901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697802)"; flow:established,from_client; content:"GET"; http_method; content:"/mk7z9jhkgu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"la.kzg-w-4-y.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697802/; classtype:trojan-activity;sid:84560902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697803)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697803/; classtype:trojan-activity;sid:84560903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697804)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697804/; classtype:trojan-activity;sid:84560904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697805)"; flow:established,from_client; content:"GET"; http_method; content:"/young.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.217.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697805/; classtype:trojan-activity;sid:84560905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697806)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697806/; classtype:trojan-activity;sid:84560906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697807)"; flow:established,from_client; content:"GET"; http_method; content:"/demodata.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697807/; classtype:trojan-activity;sid:84560907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.114.75.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697799/; classtype:trojan-activity;sid:84560899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697794)"; flow:established,from_client; content:"GET"; http_method; content:"/attackshark/g3pro/g3prosoftware.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"support.attackshark.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697794/; classtype:trojan-activity;sid:84560894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.92.50.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697793/; classtype:trojan-activity;sid:84560893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697792)"; flow:established,from_client; content:"GET"; http_method; content:"/invade/remote/metasploit/windows/crack.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"115.227.166.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697792/; classtype:trojan-activity;sid:84560892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697791)"; flow:established,from_client; content:"GET"; http_method; content:"/tran.dsp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697791/; classtype:trojan-activity;sid:84560891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697790)"; flow:established,from_client; content:"GET"; http_method; content:"/d/server.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wafflemafia.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697790/; classtype:trojan-activity;sid:84560890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697787)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/fat_10_2025_873412345.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"hardware-added-mba-night.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697787/; classtype:trojan-activity;sid:84560887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697788)"; flow:established,from_client; content:"GET"; http_method; content:"/d/server.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.208.159.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697788/; classtype:trojan-activity;sid:84560888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697789)"; flow:established,from_client; content:"GET"; http_method; content:"/aibkp63.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697789/; classtype:trojan-activity;sid:84560889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697786)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hurted/run.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697786/; classtype:trojan-activity;sid:84560886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697785)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51201.billingfox.digital"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697785/; classtype:trojan-activity;sid:84560885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697784)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=wi1xl5py"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697784/; classtype:trojan-activity;sid:84560884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697783)"; flow:established,from_client; content:"GET"; http_method; content:"/4q2gfnsumt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"la.kzg-w-4-y.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697783/; classtype:trojan-activity;sid:84560883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.141.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697782/; classtype:trojan-activity;sid:84560882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697781/; classtype:trojan-activity;sid:84560881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.248.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697780/; classtype:trojan-activity;sid:84560880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697779)"; flow:established,from_client; content:"GET"; http_method; content:"/ya.google|3f|t=pbcbifwj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sm.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697779/; classtype:trojan-activity;sid:84560879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697778)"; flow:established,from_client; content:"GET"; http_method; content:"/3g8fl38arf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wwe.kzg-w-4-y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697778/; classtype:trojan-activity;sid:84560878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.193.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697777/; classtype:trojan-activity;sid:84560877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697776)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rome.alphacinder.digital"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697776/; classtype:trojan-activity;sid:84560876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697774)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.google|3f|t=kozy17vj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y7.quasarorchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697774/; classtype:trojan-activity;sid:84560874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697775)"; flow:established,from_client; content:"GET"; http_method; content:"/9l7fcyr9fj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wwe.kzg-w-4-y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697775/; classtype:trojan-activity;sid:84560875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697773)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697773/; classtype:trojan-activity;sid:84560873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697772)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697772/; classtype:trojan-activity;sid:84560872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697769)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697769/; classtype:trojan-activity;sid:84560869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697770)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697770/; classtype:trojan-activity;sid:84560870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697771)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697771/; classtype:trojan-activity;sid:84560871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697767)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697767/; classtype:trojan-activity;sid:84560867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697768)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697768/; classtype:trojan-activity;sid:84560868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697764)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697764/; classtype:trojan-activity;sid:84560864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697765)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697765/; classtype:trojan-activity;sid:84560865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697766)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697766/; classtype:trojan-activity;sid:84560866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697762)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697762/; classtype:trojan-activity;sid:84560862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697763)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697763/; classtype:trojan-activity;sid:84560863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697758)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697758/; classtype:trojan-activity;sid:84560858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697759)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697759/; classtype:trojan-activity;sid:84560859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697760)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697760/; classtype:trojan-activity;sid:84560860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697761)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697761/; classtype:trojan-activity;sid:84560861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697757)"; flow:established,from_client; content:"GET"; http_method; content:"/vvj3mbgkbo.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"c1k.coralglanz.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697757/; classtype:trojan-activity;sid:84560857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697756)"; flow:established,from_client; content:"GET"; http_method; content:"/rf4aykp1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y7.quasarorchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697756/; classtype:trojan-activity;sid:84560856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.249.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697755/; classtype:trojan-activity;sid:84560855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697754)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697754/; classtype:trojan-activity;sid:84560854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697753)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697753/; classtype:trojan-activity;sid:84560853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697748)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697748/; classtype:trojan-activity;sid:84560848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697749)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697749/; classtype:trojan-activity;sid:84560849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697750)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697750/; classtype:trojan-activity;sid:84560850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697751)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697751/; classtype:trojan-activity;sid:84560851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697752)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697752/; classtype:trojan-activity;sid:84560852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697741)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697741/; classtype:trojan-activity;sid:84560841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697742)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697742/; classtype:trojan-activity;sid:84560842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697743)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/space.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697743/; classtype:trojan-activity;sid:84560843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697744)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697744/; classtype:trojan-activity;sid:84560844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697745)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697745/; classtype:trojan-activity;sid:84560845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697746)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697746/; classtype:trojan-activity;sid:84560846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697747)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697747/; classtype:trojan-activity;sid:84560847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697740/; classtype:trojan-activity;sid:84560840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.144.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697739/; classtype:trojan-activity;sid:84560839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.197.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697738/; classtype:trojan-activity;sid:84560838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.160.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697737/; classtype:trojan-activity;sid:84560837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697736)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=x8w6rosf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x4m.quasarorchid.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697736/; classtype:trojan-activity;sid:84560836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697735)"; flow:established,from_client; content:"GET"; http_method; content:"/jhr6hxaq3t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t6k9.kzg-w-4-y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697735/; classtype:trojan-activity;sid:84560835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697734)"; flow:established,from_client; content:"GET"; http_method; content:"/equurjk8u2.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"y9p.coralglanz.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697734/; classtype:trojan-activity;sid:84560834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697733)"; flow:established,from_client; content:"GET"; http_method; content:"/t41iy8di"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x4m.quasarorchid.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697733/; classtype:trojan-activity;sid:84560833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697732/; classtype:trojan-activity;sid:84560832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697730)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=w4poynrw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bz.quasarorchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697730/; classtype:trojan-activity;sid:84560830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697731)"; flow:established,from_client; content:"GET"; http_method; content:"/t6o2bwjiu6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"4p1m.kzg-w-4-y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697731/; classtype:trojan-activity;sid:84560831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697729/; classtype:trojan-activity;sid:84560829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697727)"; flow:established,from_client; content:"GET"; http_method; content:"/g0b1jjj9bl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"4p1m.kzg-w-4-y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697727/; classtype:trojan-activity;sid:84560827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.232.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697728/; classtype:trojan-activity;sid:84560828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697726)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=sy6icl95"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q1.quasarorchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697726/; classtype:trojan-activity;sid:84560826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.15.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697725/; classtype:trojan-activity;sid:84560825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697724)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/dsal9tv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697724/; classtype:trojan-activity;sid:84560824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.188.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697723/; classtype:trojan-activity;sid:84560823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.86.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697722/; classtype:trojan-activity;sid:84560822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.87.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697721/; classtype:trojan-activity;sid:84560821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.246.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697720/; classtype:trojan-activity;sid:84560820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.171.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697719/; classtype:trojan-activity;sid:84560819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.234.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697718/; classtype:trojan-activity;sid:84560818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.196.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697717/; classtype:trojan-activity;sid:84560817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697716)"; flow:established,from_client; content:"GET"; http_method; content:"/yb93csmzps.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s8rk2.085-x-89-c.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697716/; classtype:trojan-activity;sid:84560816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697715)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=vefi4rn2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0x.opaldrift.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697715/; classtype:trojan-activity;sid:84560815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697713)"; flow:established,from_client; content:"GET"; http_method; content:"/4cs0fd8o"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p0x.opaldrift.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697713/; classtype:trojan-activity;sid:84560813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697714)"; flow:established,from_client; content:"GET"; http_method; content:"/o76qycvozu.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"h5.coralglanz.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697714/; classtype:trojan-activity;sid:84560814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.86.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697712/; classtype:trojan-activity;sid:84560812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697711)"; flow:established,from_client; content:"GET"; http_method; content:"/wve9n1x4t9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x0la.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697711/; classtype:trojan-activity;sid:84560811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697710)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=ar0cepjr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oz.opaldrift.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697710/; classtype:trojan-activity;sid:84560810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.160.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697709/; classtype:trojan-activity;sid:84560809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.197.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697708/; classtype:trojan-activity;sid:84560808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697707)"; flow:established,from_client; content:"GET"; http_method; content:"/gfw1vlk90s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x0la.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697707/; classtype:trojan-activity;sid:84560807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697706)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=38ljmbqk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.opaldrift.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697706/; classtype:trojan-activity;sid:84560806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.196.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697705/; classtype:trojan-activity;sid:84560805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.112.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697704/; classtype:trojan-activity;sid:84560804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697703/; classtype:trojan-activity;sid:84560803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.79.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697702/; classtype:trojan-activity;sid:84560802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.96.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697701/; classtype:trojan-activity;sid:84560801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697700)"; flow:established,from_client; content:"GET"; http_method; content:"/9v3lm427"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"so.opaldrift.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697700/; classtype:trojan-activity;sid:84560800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697699)"; flow:established,from_client; content:"GET"; http_method; content:"/ds7371bgbu.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"t2w.coralglanz.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697699/; classtype:trojan-activity;sid:84560799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697698)"; flow:established,from_client; content:"GET"; http_method; content:"/yeqweahi8i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q2w5e.085-x-89-c.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697698/; classtype:trojan-activity;sid:84560798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697697)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.google|3f|t=smpluew7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sa3.cedarnova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697697/; classtype:trojan-activity;sid:84560797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.140.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697696/; classtype:trojan-activity;sid:84560796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697694/; classtype:trojan-activity;sid:84560794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.4.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697695/; classtype:trojan-activity;sid:84560795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697693)"; flow:established,from_client; content:"GET"; http_method; content:"/dgn8io2x90.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a7.prismquelle.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697693/; classtype:trojan-activity;sid:84560793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697692)"; flow:established,from_client; content:"GET"; http_method; content:"/wwa8bov3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sa3.cedarnova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697692/; classtype:trojan-activity;sid:84560792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697691/; classtype:trojan-activity;sid:84560791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.112.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697690/; classtype:trojan-activity;sid:84560790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697689)"; flow:established,from_client; content:"GET"; http_method; content:"/xog8kin5oi.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a7.prismquelle.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697689/; classtype:trojan-activity;sid:84560789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697688)"; flow:established,from_client; content:"GET"; http_method; content:"/wqeuh0us"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cm.cedarnova.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697688/; classtype:trojan-activity;sid:84560788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697687/; classtype:trojan-activity;sid:84560787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.108.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697686/; classtype:trojan-activity;sid:84560786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697685)"; flow:established,from_client; content:"GET"; http_method; content:"/f91.check|3f|t=b382uuec"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cm.cedarnova.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697685/; classtype:trojan-activity;sid:84560785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.165.26.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697684/; classtype:trojan-activity;sid:84560784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697683)"; flow:established,from_client; content:"GET"; http_method; content:"/l4vfyd6ura.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b3h7.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697683/; classtype:trojan-activity;sid:84560783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697682/; classtype:trojan-activity;sid:84560782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.230.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697681/; classtype:trojan-activity;sid:84560781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.140.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697680/; classtype:trojan-activity;sid:84560780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697679)"; flow:established,from_client; content:"GET"; http_method; content:"/3l24rozi56.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z9tqn.085-x-89-c.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697679/; classtype:trojan-activity;sid:84560779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697678)"; flow:established,from_client; content:"GET"; http_method; content:"/vd1.google|3f|t=ny9jiv3w"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"n7.cedarnova.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697678/; classtype:trojan-activity;sid:84560778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.3.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697677/; classtype:trojan-activity;sid:84560777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697676)"; flow:established,from_client; content:"GET"; http_method; content:"/r4dtpaq2dr.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"m0x.prismquelle.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697676/; classtype:trojan-activity;sid:84560776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697675)"; flow:established,from_client; content:"GET"; http_method; content:"/oxm0liyc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t1n.cedarnova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697675/; classtype:trojan-activity;sid:84560775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.26.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697674/; classtype:trojan-activity;sid:84560774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697673)"; flow:established,from_client; content:"GET"; http_method; content:"/k24.check|3f|t=5l7qsqzr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1n.cedarnova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697673/; classtype:trojan-activity;sid:84560773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.59.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697672/; classtype:trojan-activity;sid:84560772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.239.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697671/; classtype:trojan-activity;sid:84560771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697670/; classtype:trojan-activity;sid:84560770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.230.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697669/; classtype:trojan-activity;sid:84560769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.233.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697668/; classtype:trojan-activity;sid:84560768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697667)"; flow:established,from_client; content:"GET"; http_method; content:"/a4iplrerai.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d6y1.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697667/; classtype:trojan-activity;sid:84560767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697666)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=hsrqb8vv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bqk.aspenatlas.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697666/; classtype:trojan-activity;sid:84560766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.3.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697665/; classtype:trojan-activity;sid:84560765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.178.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697664/; classtype:trojan-activity;sid:84560764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.116.57.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697663/; classtype:trojan-activity;sid:84560763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.144.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697662/; classtype:trojan-activity;sid:84560762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697660)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=0ldyjhos"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2.aspenatlas.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697660/; classtype:trojan-activity;sid:84560760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697661)"; flow:established,from_client; content:"GET"; http_method; content:"/7xrcv14pyx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d6y1.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697661/; classtype:trojan-activity;sid:84560761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697659/; classtype:trojan-activity;sid:84560759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697658)"; flow:established,from_client; content:"GET"; http_method; content:"/nr1e63lp65.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"z8q.prismquelle.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697658/; classtype:trojan-activity;sid:84560758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697657)"; flow:established,from_client; content:"GET"; http_method; content:"/kgg8g7kz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x2.aspenatlas.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697657/; classtype:trojan-activity;sid:84560757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.239.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697656/; classtype:trojan-activity;sid:84560756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.200.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697655/; classtype:trojan-activity;sid:84560755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697654/; classtype:trojan-activity;sid:84560754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.152.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697653/; classtype:trojan-activity;sid:84560753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.140.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697652/; classtype:trojan-activity;sid:84560752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.111.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697650/; classtype:trojan-activity;sid:84560750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697651/; classtype:trojan-activity;sid:84560751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697648)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=kt4nxnmx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8q.aspenatlas.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697648/; classtype:trojan-activity;sid:84560748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697649)"; flow:established,from_client; content:"GET"; http_method; content:"/u1laxxm1go.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d7q.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697649/; classtype:trojan-activity;sid:84560749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.190.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697647/; classtype:trojan-activity;sid:84560747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.124.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697646/; classtype:trojan-activity;sid:84560746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.41.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697645/; classtype:trojan-activity;sid:84560745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.200.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697644/; classtype:trojan-activity;sid:84560744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.93.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697643/; classtype:trojan-activity;sid:84560743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697641)"; flow:established,from_client; content:"GET"; http_method; content:"/m04.google|3f|t=ldivy0me"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xk.vortexgipfel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697641/; classtype:trojan-activity;sid:84560741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697642)"; flow:established,from_client; content:"GET"; http_method; content:"/itp1fxkp5h.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hpn4.a-8-xp.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697642/; classtype:trojan-activity;sid:84560742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.181.224.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697640/; classtype:trojan-activity;sid:84560740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697639)"; flow:established,from_client; content:"GET"; http_method; content:"/cfv5ztw5vg.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"k3.prismquelle.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697639/; classtype:trojan-activity;sid:84560739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697638)"; flow:established,from_client; content:"GET"; http_method; content:"/edmy6fji"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p2.vortexgipfel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697638/; classtype:trojan-activity;sid:84560738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697637/; classtype:trojan-activity;sid:84560737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.124.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697636/; classtype:trojan-activity;sid:84560736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697635)"; flow:established,from_client; content:"GET"; http_method; content:"/g4sxhzya1e.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"k3.prismquelle.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697635/; classtype:trojan-activity;sid:84560735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697634)"; flow:established,from_client; content:"GET"; http_method; content:"/t81gnb12"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c3r.vortexgipfel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697634/; classtype:trojan-activity;sid:84560734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.110.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697633/; classtype:trojan-activity;sid:84560733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.111.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697632/; classtype:trojan-activity;sid:84560732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697630)"; flow:established,from_client; content:"GET"; http_method; content:"/h7.google|3f|t=jqeorlyi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c3r.vortexgipfel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697630/; classtype:trojan-activity;sid:84560730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697631)"; flow:established,from_client; content:"GET"; http_method; content:"/gfpjm0ygp8.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ty3.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697631/; classtype:trojan-activity;sid:84560731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.240.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697629/; classtype:trojan-activity;sid:84560729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697628/; classtype:trojan-activity;sid:84560728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.93.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697627/; classtype:trojan-activity;sid:84560727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697626)"; flow:established,from_client; content:"GET"; http_method; content:"/cpyrgboq7l.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z01.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697626/; classtype:trojan-activity;sid:84560726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697625)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.check|3f|t=k3h7titv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"w9.vortexgipfel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697625/; classtype:trojan-activity;sid:84560725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.152.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697624/; classtype:trojan-activity;sid:84560724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697623)"; flow:established,from_client; content:"GET"; http_method; content:"/uaf6c2opm0.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"w2t.ravenpfad.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697623/; classtype:trojan-activity;sid:84560723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697622)"; flow:established,from_client; content:"GET"; http_method; content:"/hbtnqnsq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"be.vortexgipfel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697622/; classtype:trojan-activity;sid:84560722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.232.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697621/; classtype:trojan-activity;sid:84560721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697620/; classtype:trojan-activity;sid:84560720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697618)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=ubja9qag"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tqf.summitmond.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697618/; classtype:trojan-activity;sid:84560718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697619)"; flow:established,from_client; content:"GET"; http_method; content:"/x3en70txid.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v9r.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697619/; classtype:trojan-activity;sid:84560719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.225.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697617/; classtype:trojan-activity;sid:84560717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697616)"; flow:established,from_client; content:"GET"; http_method; content:"/i1y1jzfk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z1.summitmond.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697616/; classtype:trojan-activity;sid:84560716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697615)"; flow:established,from_client; content:"GET"; http_method; content:"/aq73gr128p.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a3.ravenpfad.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697615/; classtype:trojan-activity;sid:84560715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.185.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697614/; classtype:trojan-activity;sid:84560714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.203.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697613/; classtype:trojan-activity;sid:84560713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697612)"; flow:established,from_client; content:"GET"; http_method; content:"/yeeoly0dhn.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v9r.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697612/; classtype:trojan-activity;sid:84560712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697611)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=9flggngq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd2.summitmond.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697611/; classtype:trojan-activity;sid:84560711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697610)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697610/; classtype:trojan-activity;sid:84560710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697609)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697609/; classtype:trojan-activity;sid:84560709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697606)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697606/; classtype:trojan-activity;sid:84560706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697607)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697607/; classtype:trojan-activity;sid:84560707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697608)"; flow:established,from_client; content:"GET"; http_method; content:"/xmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697608/; classtype:trojan-activity;sid:84560708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697605)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697605/; classtype:trojan-activity;sid:84560705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697594/; classtype:trojan-activity;sid:84560694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697595)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697595/; classtype:trojan-activity;sid:84560695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697596)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697596/; classtype:trojan-activity;sid:84560696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697597)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697597/; classtype:trojan-activity;sid:84560697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697598)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697598/; classtype:trojan-activity;sid:84560698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697599)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697599/; classtype:trojan-activity;sid:84560699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697600)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697600/; classtype:trojan-activity;sid:84560700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697601)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697601/; classtype:trojan-activity;sid:84560701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697602)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697602/; classtype:trojan-activity;sid:84560702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697603)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697603/; classtype:trojan-activity;sid:84560703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697604)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697604/; classtype:trojan-activity;sid:84560704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697593)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697593/; classtype:trojan-activity;sid:84560693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.170.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697592/; classtype:trojan-activity;sid:84560692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697590)"; flow:established,from_client; content:"GET"; http_method; content:"/fy4wxgj2x4.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2.a-8-xp.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697590/; classtype:trojan-activity;sid:84560690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697591)"; flow:established,from_client; content:"GET"; http_method; content:"/b56f6970725f4fdeaf08fda137f0a45c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"62.60.226.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697591/; classtype:trojan-activity;sid:84560691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697589)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=bixm7qx2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7m.summitmond.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697589/; classtype:trojan-activity;sid:84560689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697588)"; flow:established,from_client; content:"GET"; http_method; content:"/fukfr0mt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q7m.summitmond.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697588/; classtype:trojan-activity;sid:84560688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697587)"; flow:established,from_client; content:"GET"; http_method; content:"/fdo0ey1fo6.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"n7x.ravenpfad.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697587/; classtype:trojan-activity;sid:84560687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.166.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697586/; classtype:trojan-activity;sid:84560686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.118.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697585/; classtype:trojan-activity;sid:84560685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.161.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697584/; classtype:trojan-activity;sid:84560684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.240.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697581/; classtype:trojan-activity;sid:84560681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.175.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697582/; classtype:trojan-activity;sid:84560682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.178.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697583/; classtype:trojan-activity;sid:84560683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.155.2.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697576/; classtype:trojan-activity;sid:84560676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.239.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697577/; classtype:trojan-activity;sid:84560677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.171.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697578/; classtype:trojan-activity;sid:84560678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.75.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697579/; classtype:trojan-activity;sid:84560679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.166.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697580/; classtype:trojan-activity;sid:84560680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697575)"; flow:established,from_client; content:"GET"; http_method; content:"/l4oi6exns1.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2.a-8-xp.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697575/; classtype:trojan-activity;sid:84560675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697574)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=m9m228qk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gs.summitmond.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697574/; classtype:trojan-activity;sid:84560674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.18.66.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697573/; classtype:trojan-activity;sid:84560673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697571)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=lar3f5nm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x4.ripplerover.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697571/; classtype:trojan-activity;sid:84560671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697572)"; flow:established,from_client; content:"GET"; http_method; content:"/ami6ms3rq6.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m0k.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697572/; classtype:trojan-activity;sid:84560672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697570/; classtype:trojan-activity;sid:84560670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.108.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697569/; classtype:trojan-activity;sid:84560669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.203.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697568/; classtype:trojan-activity;sid:84560668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.152.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697567/; classtype:trojan-activity;sid:84560667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697566)"; flow:established,from_client; content:"GET"; http_method; content:"/3cg5dathi8.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"q4.ravenpfad.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697566/; classtype:trojan-activity;sid:84560666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697565)"; flow:established,from_client; content:"GET"; http_method; content:"/d3ybose0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a2n.ripplerover.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697565/; classtype:trojan-activity;sid:84560665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697564)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/z8vai6z.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697564/; classtype:trojan-activity;sid:84560664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697562)"; flow:established,from_client; content:"GET"; http_method; content:"/rm7.check|3f|t=dek4aevv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a2n.ripplerover.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697562/; classtype:trojan-activity;sid:84560662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697563)"; flow:established,from_client; content:"GET"; http_method; content:"/gmytzeyrmm.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c1v.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697563/; classtype:trojan-activity;sid:84560663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.253.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697561/; classtype:trojan-activity;sid:84560661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697560)"; flow:established,from_client; content:"GET"; http_method; content:"/0q.google|3f|t=77gcv8g3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt3.ripplerover.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697560/; classtype:trojan-activity;sid:84560660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697559)"; flow:established,from_client; content:"GET"; http_method; content:"/lla8wkpav0.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pr6q.8-f-e8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697559/; classtype:trojan-activity;sid:84560659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697558/; classtype:trojan-activity;sid:84560658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.248.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697557/; classtype:trojan-activity;sid:84560657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697556/; classtype:trojan-activity;sid:84560656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697555/; classtype:trojan-activity;sid:84560655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.152.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697554/; classtype:trojan-activity;sid:84560654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697552)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=5awx4sek"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kp.ripplerover.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697552/; classtype:trojan-activity;sid:84560652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697553)"; flow:established,from_client; content:"GET"; http_method; content:"/z8ihyj6583.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"9am.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697553/; classtype:trojan-activity;sid:84560653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697551/; classtype:trojan-activity;sid:84560651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697550)"; flow:established,from_client; content:"GET"; http_method; content:"/x0hb7hoavg.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d5.willowberg.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697550/; classtype:trojan-activity;sid:84560650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697549)"; flow:established,from_client; content:"GET"; http_method; content:"/g730krkh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kp.ripplerover.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697549/; classtype:trojan-activity;sid:84560649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.214.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697548/; classtype:trojan-activity;sid:84560648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697547/; classtype:trojan-activity;sid:84560647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697546)"; flow:established,from_client; content:"GET"; http_method; content:"/ytvqsjmdo6.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x4d.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697546/; classtype:trojan-activity;sid:84560646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697545)"; flow:established,from_client; content:"GET"; http_method; content:"/0a1.google|3f|t=n09z1ggt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"yxm.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697545/; classtype:trojan-activity;sid:84560645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697544/; classtype:trojan-activity;sid:84560644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697542)"; flow:established,from_client; content:"GET"; http_method; content:"/0dqdqw2790.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d5.willowberg.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697542/; classtype:trojan-activity;sid:84560642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697543)"; flow:established,from_client; content:"GET"; http_method; content:"/f2gpzyrt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c4n.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697543/; classtype:trojan-activity;sid:84560643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697541)"; flow:established,from_client; content:"GET"; http_method; content:"/8fj2j62d8z.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x4d.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697541/; classtype:trojan-activity;sid:84560641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697540)"; flow:established,from_client; content:"GET"; http_method; content:"/dp2.check|3f|t=8g8wxlhv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c4n.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697540/; classtype:trojan-activity;sid:84560640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697539)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8134610967/dzccmur.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697539/; classtype:trojan-activity;sid:84560639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.214.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697538/; classtype:trojan-activity;sid:84560638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697536)"; flow:established,from_client; content:"GET"; http_method; content:"/7q.check|3f|t=s0gagik8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t3k.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697536/; classtype:trojan-activity;sid:84560636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697537)"; flow:established,from_client; content:"GET"; http_method; content:"/k66sn91exo.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t8.8-f-e8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697537/; classtype:trojan-activity;sid:84560637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.117.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697535/; classtype:trojan-activity;sid:84560635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697534)"; flow:established,from_client; content:"GET"; http_method; content:"/edqxn8wul5.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"b7k2.willowberg.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697534/; classtype:trojan-activity;sid:84560634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697533)"; flow:established,from_client; content:"GET"; http_method; content:"/8l4pqweo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t3k.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697533/; classtype:trojan-activity;sid:84560633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.68.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697532/; classtype:trojan-activity;sid:84560632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.168.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697531/; classtype:trojan-activity;sid:84560631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.92.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697530/; classtype:trojan-activity;sid:84560630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697529)"; flow:established,from_client; content:"GET"; http_method; content:"/ep.google|3f|t=2fni2zde"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rz.forgehafen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697529/; classtype:trojan-activity;sid:84560629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697528)"; flow:established,from_client; content:"GET"; http_method; content:"/tkwxpdr0ub.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t8.8-f-e8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697528/; classtype:trojan-activity;sid:84560628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697526)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/kdgumlu.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697526/; classtype:trojan-activity;sid:84560626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697527)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/q4fjr4r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697527/; classtype:trojan-activity;sid:84560627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697525/; classtype:trojan-activity;sid:84560625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697524)"; flow:established,from_client; content:"GET"; http_method; content:"/wa04.google|3f|t=bz0btxq6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"h9m.lunarlicht.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697524/; classtype:trojan-activity;sid:84560624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.68.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697523/; classtype:trojan-activity;sid:84560623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.168.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697522/; classtype:trojan-activity;sid:84560622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697521)"; flow:established,from_client; content:"GET"; http_method; content:"/u5k76ele5g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b7m2.7nf214.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697521/; classtype:trojan-activity;sid:84560621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697520)"; flow:established,from_client; content:"GET"; http_method; content:"/ty3.check|3f|t=j01nrg9k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x1.lunarlicht.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697520/; classtype:trojan-activity;sid:84560620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697519)"; flow:established,from_client; content:"GET"; http_method; content:"/efy1h2zd6w.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"x0p.willowberg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697519/; classtype:trojan-activity;sid:84560619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697518)"; flow:established,from_client; content:"GET"; http_method; content:"/i43zgtws"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x1.lunarlicht.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697518/; classtype:trojan-activity;sid:84560618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.70.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697517/; classtype:trojan-activity;sid:84560617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697516/; classtype:trojan-activity;sid:84560616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697515)"; flow:established,from_client; content:"GET"; http_method; content:"/s65tw62am1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3qd.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697515/; classtype:trojan-activity;sid:84560615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697514)"; flow:established,from_client; content:"GET"; http_method; content:"/rgwzwzjfi1.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"x0p.willowberg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697514/; classtype:trojan-activity;sid:84560614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697512)"; flow:established,from_client; content:"GET"; http_method; content:"/u2tvck8x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q2k.lunarlicht.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697512/; classtype:trojan-activity;sid:84560612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697513)"; flow:established,from_client; content:"GET"; http_method; content:"/v0.google|3f|t=hzmi0hzh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q2k.lunarlicht.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697513/; classtype:trojan-activity;sid:84560613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697511)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=lmouwhe2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7x.lunarlicht.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697511/; classtype:trojan-activity;sid:84560611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697510)"; flow:established,from_client; content:"GET"; http_method; content:"/qzfeialq0e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3qd.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697510/; classtype:trojan-activity;sid:84560610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.17.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697509/; classtype:trojan-activity;sid:84560609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697507)"; flow:established,from_client; content:"GET"; http_method; content:"/qm.google|3f|t=qib6ozh9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ab.lunarlicht.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697507/; classtype:trojan-activity;sid:84560607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697508)"; flow:established,from_client; content:"GET"; http_method; content:"/irhqtahckm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n1k.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697508/; classtype:trojan-activity;sid:84560608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697506)"; flow:established,from_client; content:"GET"; http_method; content:"/qcae3a2xpu.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"t1w.cometwald.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697506/; classtype:trojan-activity;sid:84560606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697505)"; flow:established,from_client; content:"GET"; http_method; content:"/yc3x7ccp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ab.lunarlicht.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697505/; classtype:trojan-activity;sid:84560605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.150.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697504/; classtype:trojan-activity;sid:84560604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.75.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697503/; classtype:trojan-activity;sid:84560603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697502/; classtype:trojan-activity;sid:84560602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697501)"; flow:established,from_client; content:"GET"; http_method; content:"/cxauf1v1y3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n1k.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697501/; classtype:trojan-activity;sid:84560601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697500)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=rmb1si9u"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x.onyxmorgen.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697500/; classtype:trojan-activity;sid:84560600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.158.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697499/; classtype:trojan-activity;sid:84560599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697498)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/otkujnn.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697498/; classtype:trojan-activity;sid:84560598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697497)"; flow:established,from_client; content:"GET"; http_method; content:"/vgoimfuga9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wz0.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697497/; classtype:trojan-activity;sid:84560597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.35.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697496/; classtype:trojan-activity;sid:84560596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697495)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=m66gkc42"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bz.onyxmorgen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697495/; classtype:trojan-activity;sid:84560595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697494)"; flow:established,from_client; content:"GET"; http_method; content:"/lh00eqcxsp.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"m.cometwald.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697494/; classtype:trojan-activity;sid:84560594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697493)"; flow:established,from_client; content:"GET"; http_method; content:"/9v5773xs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bz.onyxmorgen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697493/; classtype:trojan-activity;sid:84560593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697492)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=e84d1wdx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q1.onyxmorgen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697492/; classtype:trojan-activity;sid:84560592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697491)"; flow:established,from_client; content:"GET"; http_method; content:"/jj6x39k4xq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wz0.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697491/; classtype:trojan-activity;sid:84560591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.128.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697490/; classtype:trojan-activity;sid:84560590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.160.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697489/; classtype:trojan-activity;sid:84560589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697488)"; flow:established,from_client; content:"GET"; http_method; content:"/kyx9jmhpba.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wz0.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697488/; classtype:trojan-activity;sid:84560588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697487)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=6f032e9y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g5.onyxmorgen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697487/; classtype:trojan-activity;sid:84560587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.193.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697486/; classtype:trojan-activity;sid:84560586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697485/; classtype:trojan-activity;sid:84560585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.158.212.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697484/; classtype:trojan-activity;sid:84560584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697483/; classtype:trojan-activity;sid:84560583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697482)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=0jdngx74"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.paradeabend.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697482/; classtype:trojan-activity;sid:84560582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.160.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697481/; classtype:trojan-activity;sid:84560581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697480/; classtype:trojan-activity;sid:84560580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.128.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697479/; classtype:trojan-activity;sid:84560579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697477)"; flow:established,from_client; content:"GET"; http_method; content:"/v31d043mrc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2p.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697477/; classtype:trojan-activity;sid:84560577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697478/; classtype:trojan-activity;sid:84560578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697476)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=76175o7d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.paradeabend.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697476/; classtype:trojan-activity;sid:84560576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.51.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697474/; classtype:trojan-activity;sid:84560574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.166.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697475/; classtype:trojan-activity;sid:84560575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697473/; classtype:trojan-activity;sid:84560573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697472)"; flow:established,from_client; content:"GET"; http_method; content:"/hwr1n9pnnw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2p.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697472/; classtype:trojan-activity;sid:84560572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697471)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=8tm2uxmu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.paradeabend.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697471/; classtype:trojan-activity;sid:84560571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697470)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=m4o3qz5n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0z.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697470/; classtype:trojan-activity;sid:84560570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697469)"; flow:established,from_client; content:"GET"; http_method; content:"/5sudcwvdve.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2p.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697469/; classtype:trojan-activity;sid:84560569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.23.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697468/; classtype:trojan-activity;sid:84560568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697467)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7838746815/km7tctd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697467/; classtype:trojan-activity;sid:84560567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.179.182.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697466/; classtype:trojan-activity;sid:84560566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697465/; classtype:trojan-activity;sid:84560565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697463)"; flow:established,from_client; content:"GET"; http_method; content:"/kxm7d8z45g.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"r7k2.sk-f0s.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697463/; classtype:trojan-activity;sid:84560563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697464)"; flow:established,from_client; content:"GET"; http_method; content:"/x3qak1d4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"v3.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697464/; classtype:trojan-activity;sid:84560564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697462)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7336533485/bfsdtsc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697462/; classtype:trojan-activity;sid:84560562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697461)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=wtll7huf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697461/; classtype:trojan-activity;sid:84560561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697459)"; flow:established,from_client; content:"GET"; http_method; content:"/asqz33opea.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gh.7nf214.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697459/; classtype:trojan-activity;sid:84560559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697460)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.137.241.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697460/; classtype:trojan-activity;sid:84560560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697458/; classtype:trojan-activity;sid:84560558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697457/; classtype:trojan-activity;sid:84560557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.149.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697456/; classtype:trojan-activity;sid:84560556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.4.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697455/; classtype:trojan-activity;sid:84560555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697454)"; flow:established,from_client; content:"GET"; http_method; content:"/4j8gd21pch.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"v1.sk-f0s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697454/; classtype:trojan-activity;sid:84560554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697453)"; flow:established,from_client; content:"GET"; http_method; content:"/2h1slux2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h1.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697453/; classtype:trojan-activity;sid:84560553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697452)"; flow:established,from_client; content:"GET"; http_method; content:"/nd3ax3lz9b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gh.7nf214.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697452/; classtype:trojan-activity;sid:84560552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697451)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=8b89hvy6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697451/; classtype:trojan-activity;sid:84560551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.41.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697450/; classtype:trojan-activity;sid:84560550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697449/; classtype:trojan-activity;sid:84560549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.83.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697448/; classtype:trojan-activity;sid:84560548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.179.182.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697447/; classtype:trojan-activity;sid:84560547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697446)"; flow:established,from_client; content:"GET"; http_method; content:"/0uma8smqji.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gh.7nf214.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697446/; classtype:trojan-activity;sid:84560546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697445)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=moaynrw2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.sproutkraft.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697445/; classtype:trojan-activity;sid:84560545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697444)"; flow:established,from_client; content:"GET"; http_method; content:"/9gvsik4j9p.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"h9p3.566318z8.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697444/; classtype:trojan-activity;sid:84560544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697443)"; flow:established,from_client; content:"GET"; http_method; content:"/nxpy9ow3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s.sproutkraft.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697443/; classtype:trojan-activity;sid:84560543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697442)"; flow:established,from_client; content:"GET"; http_method; content:"/18z469i1y4.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"h9p3.566318z8.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697442/; classtype:trojan-activity;sid:84560542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697441)"; flow:established,from_client; content:"GET"; http_method; content:"/4dzgfg52"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"n7.cobaltwolke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697441/; classtype:trojan-activity;sid:84560541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697440/; classtype:trojan-activity;sid:84560540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697438)"; flow:established,from_client; content:"GET"; http_method; content:"/r3m0m6eoox.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"h9p3.566318z8.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697438/; classtype:trojan-activity;sid:84560538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697439)"; flow:established,from_client; content:"GET"; http_method; content:"/pmywrquf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"n7.cobaltwolke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697439/; classtype:trojan-activity;sid:84560539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.23.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697437/; classtype:trojan-activity;sid:84560537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.186.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697436/; classtype:trojan-activity;sid:84560536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697435/; classtype:trojan-activity;sid:84560535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697434)"; flow:established,from_client; content:"GET"; http_method; content:"/pkmn07j1ui.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"z.566318z8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697434/; classtype:trojan-activity;sid:84560534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697433)"; flow:established,from_client; content:"GET"; http_method; content:"/m4qoie83"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t1.cobaltwolke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697433/; classtype:trojan-activity;sid:84560533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697432)"; flow:established,from_client; content:"GET"; http_method; content:"/6vwjt1qnqr.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"z.566318z8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697432/; classtype:trojan-activity;sid:84560532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697431)"; flow:established,from_client; content:"GET"; http_method; content:"/0d7gkvwe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r9.cobaltwolke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697431/; classtype:trojan-activity;sid:84560531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.211.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697430/; classtype:trojan-activity;sid:84560530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.83.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697429/; classtype:trojan-activity;sid:84560529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697428/; classtype:trojan-activity;sid:84560528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697427)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697427/; classtype:trojan-activity;sid:84560527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697425)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697425/; classtype:trojan-activity;sid:84560525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697426)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697426/; classtype:trojan-activity;sid:84560526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697424)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697424/; classtype:trojan-activity;sid:84560524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697421)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697421/; classtype:trojan-activity;sid:84560521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697422)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697422/; classtype:trojan-activity;sid:84560522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697423)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697423/; classtype:trojan-activity;sid:84560523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.186.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697420/; classtype:trojan-activity;sid:84560520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697419)"; flow:established,from_client; content:"GET"; http_method; content:"/tw19an3p1q.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"m2x.566318z8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697419/; classtype:trojan-activity;sid:84560519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697418)"; flow:established,from_client; content:"GET"; http_method; content:"/cr2dtjqw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x2.velvetnebel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697418/; classtype:trojan-activity;sid:84560518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697417)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697417/; classtype:trojan-activity;sid:84560517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.211.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697416/; classtype:trojan-activity;sid:84560516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.172.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697415/; classtype:trojan-activity;sid:84560515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697414)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6629342726/ocad0xd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697414/; classtype:trojan-activity;sid:84560514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697413)"; flow:established,from_client; content:"GET"; http_method; content:"/5l5okjot5v.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"q7.566318z8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697413/; classtype:trojan-activity;sid:84560513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697412)"; flow:established,from_client; content:"GET"; http_method; content:"/0xtizo3k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pc.velvetnebel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697412/; classtype:trojan-activity;sid:84560512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.158.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697411/; classtype:trojan-activity;sid:84560511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.186.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697410/; classtype:trojan-activity;sid:84560510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697409/; classtype:trojan-activity;sid:84560509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697408/; classtype:trojan-activity;sid:84560508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697407)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697407/; classtype:trojan-activity;sid:84560507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697406)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697406/; classtype:trojan-activity;sid:84560506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697404)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697404/; classtype:trojan-activity;sid:84560504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.23.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697405/; classtype:trojan-activity;sid:84560505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697403/; classtype:trojan-activity;sid:84560503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697400)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697400/; classtype:trojan-activity;sid:84560500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697401)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697401/; classtype:trojan-activity;sid:84560501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.203.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697402/; classtype:trojan-activity;sid:84560502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697392)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697392/; classtype:trojan-activity;sid:84560492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697393)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697393/; classtype:trojan-activity;sid:84560493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.26.195.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697394/; classtype:trojan-activity;sid:84560494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697395)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697395/; classtype:trojan-activity;sid:84560495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697396)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697396/; classtype:trojan-activity;sid:84560496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.195.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697397/; classtype:trojan-activity;sid:84560497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697398)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697398/; classtype:trojan-activity;sid:84560498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.44.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697399/; classtype:trojan-activity;sid:84560499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697391)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697391/; classtype:trojan-activity;sid:84560491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.37.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697388/; classtype:trojan-activity;sid:84560488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.179.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697389/; classtype:trojan-activity;sid:84560489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.245.138.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697390/; classtype:trojan-activity;sid:84560490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697385)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697385/; classtype:trojan-activity;sid:84560485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697386/; classtype:trojan-activity;sid:84560486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.134.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697387/; classtype:trojan-activity;sid:84560487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.10.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697384/; classtype:trojan-activity;sid:84560484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697383/; classtype:trojan-activity;sid:84560483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.190.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697382/; classtype:trojan-activity;sid:84560482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697380)"; flow:established,from_client; content:"GET"; http_method; content:"/h9vy5jrs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cm.pixelstern.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697380/; classtype:trojan-activity;sid:84560480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697381)"; flow:established,from_client; content:"GET"; http_method; content:"/0ng3qji90w.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"b7k2.q3v8p.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697381/; classtype:trojan-activity;sid:84560481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697379)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.240.9.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697379/; classtype:trojan-activity;sid:84560479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697378)"; flow:established,from_client; content:"GET"; http_method; content:"/0zu5qh2jw4.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"b7k2.q3v8p.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697378/; classtype:trojan-activity;sid:84560478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697377)"; flow:established,from_client; content:"GET"; http_method; content:"/ov0tilga"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y7.pixelstern.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697377/; classtype:trojan-activity;sid:84560477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697376/; classtype:trojan-activity;sid:84560476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697375/; classtype:trojan-activity;sid:84560475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697374)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ugldlgs8.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"x0p.q3v8p.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697374/; classtype:trojan-activity;sid:84560474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697373)"; flow:established,from_client; content:"GET"; http_method; content:"/4ms1lod8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y7.pixelstern.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697373/; classtype:trojan-activity;sid:84560473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.23.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697372/; classtype:trojan-activity;sid:84560472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.162.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697371/; classtype:trojan-activity;sid:84560471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.171.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697370/; classtype:trojan-activity;sid:84560470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697369)"; flow:established,from_client; content:"GET"; http_method; content:"/r4t2ty4q22.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"29q.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697369/; classtype:trojan-activity;sid:84560469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697368)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=po1a4ane"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.pixelstern.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697368/; classtype:trojan-activity;sid:84560468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697366)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=2hdk454e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.falconhimmel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697366/; classtype:trojan-activity;sid:84560466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697367)"; flow:established,from_client; content:"GET"; http_method; content:"/jk8nvqpya5.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1p.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697367/; classtype:trojan-activity;sid:84560467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697365)"; flow:established,from_client; content:"GET"; http_method; content:"/k2ztchbhd9.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1p.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697365/; classtype:trojan-activity;sid:84560465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697364)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=7codnn2j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd.falconhimmel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697364/; classtype:trojan-activity;sid:84560464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697363)"; flow:established,from_client; content:"GET"; http_method; content:"/j0g0u2o4on.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"v1.q3v8p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697363/; classtype:trojan-activity;sid:84560463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697362)"; flow:established,from_client; content:"GET"; http_method; content:"/n5cvnudn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bd.falconhimmel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697362/; classtype:trojan-activity;sid:84560462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.195.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697361/; classtype:trojan-activity;sid:84560461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697360)"; flow:established,from_client; content:"GET"; http_method; content:"/50jdn37gt8.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wz0.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697360/; classtype:trojan-activity;sid:84560460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697359)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=5fv5cqdo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.falconhimmel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697359/; classtype:trojan-activity;sid:84560459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.37.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697358/; classtype:trojan-activity;sid:84560458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697357)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=e0r19e3n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.falconhimmel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697357/; classtype:trojan-activity;sid:84560457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697356)"; flow:established,from_client; content:"GET"; http_method; content:"/i4q6mvha45.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"op.2218pb.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697356/; classtype:trojan-activity;sid:84560456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697355)"; flow:established,from_client; content:"GET"; http_method; content:"/aw9vr5mz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g.falconhimmel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697355/; classtype:trojan-activity;sid:84560455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.61.51.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697354/; classtype:trojan-activity;sid:84560454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.15.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697353/; classtype:trojan-activity;sid:84560453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697352)"; flow:established,from_client; content:"GET"; http_method; content:"/gqv2ey79q1.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k4r2.n-61-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697352/; classtype:trojan-activity;sid:84560452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697351)"; flow:established,from_client; content:"GET"; http_method; content:"/am1.check|3f|t=puboe5ko"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kz.harborfreund.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697351/; classtype:trojan-activity;sid:84560451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.37.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697350/; classtype:trojan-activity;sid:84560450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697348)"; flow:established,from_client; content:"GET"; http_method; content:"/0r2.google|3f|t=1nh8qplk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"1m.harborfreund.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697348/; classtype:trojan-activity;sid:84560448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697349)"; flow:established,from_client; content:"GET"; http_method; content:"/1w3lc3jerh.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vj3.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697349/; classtype:trojan-activity;sid:84560449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697347)"; flow:established,from_client; content:"GET"; http_method; content:"/at6qxsazma.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vj3.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697347/; classtype:trojan-activity;sid:84560447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697346)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=0tl2zui5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.harborfreund.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697346/; classtype:trojan-activity;sid:84560446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.182.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697345/; classtype:trojan-activity;sid:84560445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697344)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=si837qxl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.harborfreund.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697344/; classtype:trojan-activity;sid:84560444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697343)"; flow:established,from_client; content:"GET"; http_method; content:"/wl60ce3dfg.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g8.n-61-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697343/; classtype:trojan-activity;sid:84560443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.202.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697342/; classtype:trojan-activity;sid:84560442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697341)"; flow:established,from_client; content:"GET"; http_method; content:"/2kfg0dnji1.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t2k8.d-k-6j.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697341/; classtype:trojan-activity;sid:84560441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697340)"; flow:established,from_client; content:"GET"; http_method; content:"/tb9.check|3f|t=1fpim1yt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0z.cloverschnee.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697340/; classtype:trojan-activity;sid:84560440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.171.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697339/; classtype:trojan-activity;sid:84560439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.43.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697338/; classtype:trojan-activity;sid:84560438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697337/; classtype:trojan-activity;sid:84560437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697336/; classtype:trojan-activity;sid:84560436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.202.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697335/; classtype:trojan-activity;sid:84560435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.153.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697334/; classtype:trojan-activity;sid:84560434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.140.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697333/; classtype:trojan-activity;sid:84560433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697332)"; flow:established,from_client; content:"GET"; http_method; content:"/a8wyjg2ypi.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cmv.d-k-6j.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697332/; classtype:trojan-activity;sid:84560432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697331)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=23emaxfm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h2.cloverschnee.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697331/; classtype:trojan-activity;sid:84560431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697330)"; flow:established,from_client; content:"GET"; http_method; content:"/pvbkqp7yif.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zk8.384v2271.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697330/; classtype:trojan-activity;sid:84560430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697329)"; flow:established,from_client; content:"GET"; http_method; content:"/uhl5trhw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s.cloverschnee.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697329/; classtype:trojan-activity;sid:84560429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.171.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697328/; classtype:trojan-activity;sid:84560428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697327)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs723xr2l.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r01.d-k-6j.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697327/; classtype:trojan-activity;sid:84560427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697326)"; flow:established,from_client; content:"GET"; http_method; content:"/d73.check|3f|t=t6xhotmk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x1.embergarten.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697326/; classtype:trojan-activity;sid:84560426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697325)"; flow:established,from_client; content:"GET"; http_method; content:"/ppalrhne5p.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1x.384v2271.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697325/; classtype:trojan-activity;sid:84560425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697324)"; flow:established,from_client; content:"GET"; http_method; content:"/jzy8h9ih"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x1.embergarten.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697324/; classtype:trojan-activity;sid:84560424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697323/; classtype:trojan-activity;sid:84560423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697322)"; flow:established,from_client; content:"GET"; http_method; content:"/l2w.google|3f|t=zg61woqc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q2.embergarten.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697322/; classtype:trojan-activity;sid:84560422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697321)"; flow:established,from_client; content:"GET"; http_method; content:"/nu2143eeds.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b7n.d-k-6j.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697321/; classtype:trojan-activity;sid:84560421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.153.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697320/; classtype:trojan-activity;sid:84560420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.253.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697319/; classtype:trojan-activity;sid:84560419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.244.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697317/; classtype:trojan-activity;sid:84560417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.133.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697318/; classtype:trojan-activity;sid:84560418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697316)"; flow:established,from_client; content:"GET"; http_method; content:"/docmon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"planner5dl.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697316/; classtype:trojan-activity;sid:84560416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.129.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697315/; classtype:trojan-activity;sid:84560415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.34.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697314/; classtype:trojan-activity;sid:84560414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697313)"; flow:established,from_client; content:"GET"; http_method; content:"/uuscd03dzd.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xq9.d-k-6j.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697313/; classtype:trojan-activity;sid:84560413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697312)"; flow:established,from_client; content:"GET"; http_method; content:"/9f2.check|3f|t=h680289y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.embergarten.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697312/; classtype:trojan-activity;sid:84560412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697311/; classtype:trojan-activity;sid:84560411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697309)"; flow:established,from_client; content:"GET"; http_method; content:"/tgw7b2aboy.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a4.d-k-6j.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697309/; classtype:trojan-activity;sid:84560409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697310)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=7jdzwlo6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.embergarten.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697310/; classtype:trojan-activity;sid:84560410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697308)"; flow:established,from_client; content:"GET"; http_method; content:"/qvr.google|3f|t=izvrfch6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bpu.v4-z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697308/; classtype:trojan-activity;sid:84560408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697307)"; flow:established,from_client; content:"GET"; http_method; content:"/a20pwd5pt0.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a4.d-k-6j.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697307/; classtype:trojan-activity;sid:84560407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.244.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697306/; classtype:trojan-activity;sid:84560406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.133.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697305/; classtype:trojan-activity;sid:84560405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697304/; classtype:trojan-activity;sid:84560404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697303)"; flow:established,from_client; content:"GET"; http_method; content:"/hwtb0aryj4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dv6.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697303/; classtype:trojan-activity;sid:84560403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697301/; classtype:trojan-activity;sid:84560401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697302)"; flow:established,from_client; content:"GET"; http_method; content:"/5lu.google|3f|t=oe6fsz1t"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mlo.j-7m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697302/; classtype:trojan-activity;sid:84560402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.190.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697300/; classtype:trojan-activity;sid:84560400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.34.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697299/; classtype:trojan-activity;sid:84560399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.209.76.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697298/; classtype:trojan-activity;sid:84560398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697296)"; flow:established,from_client; content:"GET"; http_method; content:"/6l.google|3f|t=0uusrdam"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9yi.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697296/; classtype:trojan-activity;sid:84560396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697297)"; flow:established,from_client; content:"GET"; http_method; content:"/h9eru4uzuk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0x.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697297/; classtype:trojan-activity;sid:84560397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.31.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697295/; classtype:trojan-activity;sid:84560395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697294)"; flow:established,from_client; content:"GET"; http_method; content:"/6u.google|3f|t=0pca2pn5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e7f.oqtx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697294/; classtype:trojan-activity;sid:84560394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697293)"; flow:established,from_client; content:"GET"; http_method; content:"/u8w6bxrxiv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0x.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697293/; classtype:trojan-activity;sid:84560393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697292)"; flow:established,from_client; content:"GET"; http_method; content:"/53bgdq5c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e7f.oqtx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697292/; classtype:trojan-activity;sid:84560392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697291)"; flow:established,from_client; content:"GET"; http_method; content:"/e4gaku5b31.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xa2.027-7i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697291/; classtype:trojan-activity;sid:84560391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.45.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697290/; classtype:trojan-activity;sid:84560390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697289)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/vgjr2lm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697289/; classtype:trojan-activity;sid:84560389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.254.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697288/; classtype:trojan-activity;sid:84560388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.31.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697287/; classtype:trojan-activity;sid:84560387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.55.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697286/; classtype:trojan-activity;sid:84560386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697284)"; flow:established,from_client; content:"GET"; http_method; content:"/0n.google|3f|t=trao23c7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5wf.yw9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697284/; classtype:trojan-activity;sid:84560384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697285)"; flow:established,from_client; content:"GET"; http_method; content:"/1pr280il8n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t9h3.kgto6b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697285/; classtype:trojan-activity;sid:84560385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.76.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697283/; classtype:trojan-activity;sid:84560383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697282)"; flow:established,from_client; content:"GET"; http_method; content:"/l6pgtbetzt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t9h3.kgto6b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697282/; classtype:trojan-activity;sid:84560382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697281)"; flow:established,from_client; content:"GET"; http_method; content:"/s50.google|3f|t=pi6ul32a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hp.5g-t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697281/; classtype:trojan-activity;sid:84560381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.37.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697280/; classtype:trojan-activity;sid:84560380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.45.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697279/; classtype:trojan-activity;sid:84560379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697278)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/o7zrzsu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697278/; classtype:trojan-activity;sid:84560378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697276/; classtype:trojan-activity;sid:84560376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697277/; classtype:trojan-activity;sid:84560377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697275)"; flow:established,from_client; content:"GET"; http_method; content:"/3l.google|3f|t=qeunlong"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uq.v4-z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697275/; classtype:trojan-activity;sid:84560375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697274)"; flow:established,from_client; content:"GET"; http_method; content:"/kwvfeu09qf.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r6.027-7i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697274/; classtype:trojan-activity;sid:84560374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697273)"; flow:established,from_client; content:"GET"; http_method; content:"/vblyi49f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uq.v4-z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697273/; classtype:trojan-activity;sid:84560373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697272)"; flow:established,from_client; content:"GET"; http_method; content:"/q4p85yetom.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"za1.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697272/; classtype:trojan-activity;sid:84560372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697271)"; flow:established,from_client; content:"GET"; http_method; content:"/er.check|3f|t=mn1bq2jf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"uh.67tf.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697271/; classtype:trojan-activity;sid:84560371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697270)"; flow:established,from_client; content:"GET"; http_method; content:"/h/upd.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fashion121fashion.top"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697270/; classtype:trojan-activity;sid:84560370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697269/; classtype:trojan-activity;sid:84560369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.2.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697268/; classtype:trojan-activity;sid:84560368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697267)"; flow:established,from_client; content:"GET"; http_method; content:"/ge9lu1efrt.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y7m4.lweaq9b.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697267/; classtype:trojan-activity;sid:84560367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697266)"; flow:established,from_client; content:"GET"; http_method; content:"/0n6ldj4z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x74.j-7m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697266/; classtype:trojan-activity;sid:84560366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697265/; classtype:trojan-activity;sid:84560365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697264)"; flow:established,from_client; content:"GET"; http_method; content:"/480/sjdhf00vcb98sd0wjhjcmvnmsdfkjk0fs90c88b0d00s0cv89sdjjhj98vx0c0xc0v0cx08xcv0xcv.txt"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697264/; classtype:trojan-activity;sid:84560364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697263)"; flow:established,from_client; content:"GET"; http_method; content:"/469/0e0fd0g0we00we0r3990dfg0dfg0g9df09xcvxcv90s900sg0g0sxcv00s9f0s9sd0f90.hta"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697263/; classtype:trojan-activity;sid:84560363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697262)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/vmdocumentos.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversappsos.duckdns.org"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697262/; classtype:trojan-activity;sid:84560362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.135.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697261/; classtype:trojan-activity;sid:84560361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.85.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697260/; classtype:trojan-activity;sid:84560360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.148.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697259/; classtype:trojan-activity;sid:84560359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.2.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697258/; classtype:trojan-activity;sid:84560358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697257)"; flow:established,from_client; content:"GET"; http_method; content:"/1oba7zb4uj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2v.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697257/; classtype:trojan-activity;sid:84560357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697256)"; flow:established,from_client; content:"GET"; http_method; content:"/4c1.check|3f|t=9a6zgc63"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x74.j-7m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697256/; classtype:trojan-activity;sid:84560356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.243.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697254/; classtype:trojan-activity;sid:84560354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.236.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697253/; classtype:trojan-activity;sid:84560353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.223.210.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697252/; classtype:trojan-activity;sid:84560352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.203.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697251/; classtype:trojan-activity;sid:84560351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697249)"; flow:established,from_client; content:"GET"; http_method; content:"/z0y.google|3f|t=kjxdd7q9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"my.znx7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697249/; classtype:trojan-activity;sid:84560349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697250)"; flow:established,from_client; content:"GET"; http_method; content:"/zw6x3b7067.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.kgto6b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697250/; classtype:trojan-activity;sid:84560350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.189.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697248/; classtype:trojan-activity;sid:84560348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697247)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yqglnlkq4nszab9d-isffrczfgwt3p1z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697247/; classtype:trojan-activity;sid:84560347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697246)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gw3ymr1icj9kb65qgulvgqo5lw2edehs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697246/; classtype:trojan-activity;sid:84560346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697245)"; flow:established,from_client; content:"GET"; http_method; content:"/a0euyu1n6a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.kgto6b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697245/; classtype:trojan-activity;sid:84560345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697244)"; flow:established,from_client; content:"GET"; http_method; content:"/nb.check|3f|t=totlzp4d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vhi.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697244/; classtype:trojan-activity;sid:84560344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.74.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697243/; classtype:trojan-activity;sid:84560343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.135.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697242/; classtype:trojan-activity;sid:84560342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/d.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697241/; classtype:trojan-activity;sid:84560341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697240)"; flow:established,from_client; content:"GET"; http_method; content:"/9t0ltv.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697240/; classtype:trojan-activity;sid:84560340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697239/; classtype:trojan-activity;sid:84560339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.21.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697238/; classtype:trojan-activity;sid:84560338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697237)"; flow:established,from_client; content:"GET"; http_method; content:"/c6d17zced2.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n8z.lweaq9b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697237/; classtype:trojan-activity;sid:84560337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697236/; classtype:trojan-activity;sid:84560336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697235)"; flow:established,from_client; content:"GET"; http_method; content:"/675d47bl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2cr.4qo8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697235/; classtype:trojan-activity;sid:84560335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.208.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697234/; classtype:trojan-activity;sid:84560334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.213.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697233/; classtype:trojan-activity;sid:84560333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.18.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697232/; classtype:trojan-activity;sid:84560332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.91.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697231/; classtype:trojan-activity;sid:84560331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.149.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697230/; classtype:trojan-activity;sid:84560330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697229)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/knjhfvy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697229/; classtype:trojan-activity;sid:84560329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697228)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/in6c6sb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697228/; classtype:trojan-activity;sid:84560328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.21.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697225/; classtype:trojan-activity;sid:84560325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.176.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697226/; classtype:trojan-activity;sid:84560326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697227/; classtype:trojan-activity;sid:84560327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697224/; classtype:trojan-activity;sid:84560324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.218.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697223/; classtype:trojan-activity;sid:84560323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697222/; classtype:trojan-activity;sid:84560322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697221)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/2zvewwv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697221/; classtype:trojan-activity;sid:84560321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697220/; classtype:trojan-activity;sid:84560320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.91.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697219/; classtype:trojan-activity;sid:84560319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697218)"; flow:established,from_client; content:"GET"; http_method; content:"/myj0opxfrz.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t8cz.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697218/; classtype:trojan-activity;sid:84560318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697217)"; flow:established,from_client; content:"GET"; http_method; content:"/yysuxosq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7yf.67tf.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697217/; classtype:trojan-activity;sid:84560317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.0.136.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697216/; classtype:trojan-activity;sid:84560316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697214)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079234796/olhos16.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697214/; classtype:trojan-activity;sid:84560314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.163.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697215/; classtype:trojan-activity;sid:84560315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.218.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697213/; classtype:trojan-activity;sid:84560313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697212/; classtype:trojan-activity;sid:84560312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697211/; classtype:trojan-activity;sid:84560311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697210/; classtype:trojan-activity;sid:84560310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697209)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"controllerjs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697209/; classtype:trojan-activity;sid:84560309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697208)"; flow:established,from_client; content:"GET"; http_method; content:"/scan-doc794559.pdf.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"securefiledepot.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697208/; classtype:trojan-activity;sid:84560308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.15.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697207/; classtype:trojan-activity;sid:84560307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.149.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697203/; classtype:trojan-activity;sid:84560303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.36.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697204/; classtype:trojan-activity;sid:84560304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.163.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697205/; classtype:trojan-activity;sid:84560305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.122.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697206/; classtype:trojan-activity;sid:84560306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697198)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kislonij.pro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697198/; classtype:trojan-activity;sid:84560298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.244.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697199/; classtype:trojan-activity;sid:84560299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.82.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697200/; classtype:trojan-activity;sid:84560300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.67.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697201/; classtype:trojan-activity;sid:84560301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.101.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697202/; classtype:trojan-activity;sid:84560302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.49.211.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697197/; classtype:trojan-activity;sid:84560297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697196)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.158.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697196/; classtype:trojan-activity;sid:84560296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697195)"; flow:established,from_client; content:"GET"; http_method; content:"/d.js"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cpajoliette.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697195/; classtype:trojan-activity;sid:84560295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697194)"; flow:established,from_client; content:"GET"; http_method; content:"/8hqiffi0nv.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g7ya.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697194/; classtype:trojan-activity;sid:84560294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697193)"; flow:established,from_client; content:"GET"; http_method; content:"/01istl74"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lr.znx7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697193/; classtype:trojan-activity;sid:84560293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697192)"; flow:established,from_client; content:"GET"; http_method; content:"/1a1euw9foo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g7ya.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697192/; classtype:trojan-activity;sid:84560292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697191)"; flow:established,from_client; content:"GET"; http_method; content:"/r3jxmj54"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"d1o.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697191/; classtype:trojan-activity;sid:84560291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.254.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697190/; classtype:trojan-activity;sid:84560290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697189/; classtype:trojan-activity;sid:84560289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.0.136.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697188/; classtype:trojan-activity;sid:84560288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.157.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697186/; classtype:trojan-activity;sid:84560286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697187/; classtype:trojan-activity;sid:84560287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.198.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697185/; classtype:trojan-activity;sid:84560285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697184)"; flow:established,from_client; content:"GET"; http_method; content:"/y4ad3w3j"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"io8.oqtx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697184/; classtype:trojan-activity;sid:84560284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697183)"; flow:established,from_client; content:"GET"; http_method; content:"/ntwne3svc6.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"s2lmx.y2u-72.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697183/; classtype:trojan-activity;sid:84560283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.179.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697182/; classtype:trojan-activity;sid:84560282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.18.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697181/; classtype:trojan-activity;sid:84560281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697180/; classtype:trojan-activity;sid:84560280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.226.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697178/; classtype:trojan-activity;sid:84560278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.58.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697179/; classtype:trojan-activity;sid:84560279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697177/; classtype:trojan-activity;sid:84560277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.148.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697176/; classtype:trojan-activity;sid:84560276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697175/; classtype:trojan-activity;sid:84560275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697174/; classtype:trojan-activity;sid:84560274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697173)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/49evsjr.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697173/; classtype:trojan-activity;sid:84560273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697172)"; flow:established,from_client; content:"GET"; http_method; content:"/6oj.check|3f|t=f8kytcpy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lga.5g-t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697172/; classtype:trojan-activity;sid:84560272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697171)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/qq64ifl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697171/; classtype:trojan-activity;sid:84560271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697170)"; flow:established,from_client; content:"GET"; http_method; content:"/files/smm_traff/random.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697170/; classtype:trojan-activity;sid:84560270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.232.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697169/; classtype:trojan-activity;sid:84560269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.58.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697168/; classtype:trojan-activity;sid:84560268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697167)"; flow:established,from_client; content:"GET"; http_method; content:"/u9k.google|3f|t=duybbel4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"k7.v4-z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697167/; classtype:trojan-activity;sid:84560267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697166)"; flow:established,from_client; content:"GET"; http_method; content:"/stasik.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"exofoods.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697166/; classtype:trojan-activity;sid:84560266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.197.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697165/; classtype:trojan-activity;sid:84560265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697164)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6357156118/v9aq0oo.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697164/; classtype:trojan-activity;sid:84560264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697162)"; flow:established,from_client; content:"GET"; http_method; content:"/files/502259649/valpntr.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697162/; classtype:trojan-activity;sid:84560262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697163)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/glc6psq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697163/; classtype:trojan-activity;sid:84560263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.210.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697161/; classtype:trojan-activity;sid:84560261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697160/; classtype:trojan-activity;sid:84560260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.232.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697159/; classtype:trojan-activity;sid:84560259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.93.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697158/; classtype:trojan-activity;sid:84560258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.197.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697157/; classtype:trojan-activity;sid:84560257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.13.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697156/; classtype:trojan-activity;sid:84560256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.71.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697155/; classtype:trojan-activity;sid:84560255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697154)"; flow:established,from_client; content:"GET"; http_method; content:"/xf.check|3f|t=nghzi127"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zon.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697154/; classtype:trojan-activity;sid:84560254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697153)"; flow:established,from_client; content:"GET"; http_method; content:"/i87c18c626.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g7c5.kzg-w-4y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697153/; classtype:trojan-activity;sid:84560253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.210.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697152/; classtype:trojan-activity;sid:84560252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697151)"; flow:established,from_client; content:"GET"; http_method; content:"/mods26t29b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2q9a.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697151/; classtype:trojan-activity;sid:84560251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697150)"; flow:established,from_client; content:"GET"; http_method; content:"/hd1.check|3f|t=p2sjp6df"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9xz.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697150/; classtype:trojan-activity;sid:84560250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697149)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/fgptmxd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697149/; classtype:trojan-activity;sid:84560249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697148)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/gl0ygtd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697148/; classtype:trojan-activity;sid:84560248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697147)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/2o7gwsz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697147/; classtype:trojan-activity;sid:84560247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697146)"; flow:established,from_client; content:"GET"; http_method; content:"/files/503008312/c8c1bbe.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697146/; classtype:trojan-activity;sid:84560246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.75.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697145/; classtype:trojan-activity;sid:84560245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697144/; classtype:trojan-activity;sid:84560244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697143)"; flow:established,from_client; content:"GET"; http_method; content:"/bolwkw7i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9xz.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697143/; classtype:trojan-activity;sid:84560243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697142)"; flow:established,from_client; content:"GET"; http_method; content:"/pj0ehp316v.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e9rn.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697142/; classtype:trojan-activity;sid:84560242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697141)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7559408112/8rsl970.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697141/; classtype:trojan-activity;sid:84560241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697139)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/1yb0enm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697139/; classtype:trojan-activity;sid:84560239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697140)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mr/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697140/; classtype:trojan-activity;sid:84560240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697138)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5851730241/fzcgcte.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697138/; classtype:trojan-activity;sid:84560238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697137)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/06bk6nu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697137/; classtype:trojan-activity;sid:84560237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697136)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6331503294/dpzcory.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697136/; classtype:trojan-activity;sid:84560236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697135)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7120586914/awt7wkb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697135/; classtype:trojan-activity;sid:84560235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697134)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ki6doqb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697134/; classtype:trojan-activity;sid:84560234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697132)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5561582465/fz0oky4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697132/; classtype:trojan-activity;sid:84560232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697133)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/hcbsxxl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697133/; classtype:trojan-activity;sid:84560233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.242.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697131/; classtype:trojan-activity;sid:84560231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697130/; classtype:trojan-activity;sid:84560230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697129)"; flow:established,from_client; content:"GET"; http_method; content:"/kbd8lv5bnv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2q9a.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697129/; classtype:trojan-activity;sid:84560229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697128)"; flow:established,from_client; content:"GET"; http_method; content:"/jg.check|3f|t=oort30h5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qak.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697128/; classtype:trojan-activity;sid:84560228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697127/; classtype:trojan-activity;sid:84560227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697126)"; flow:established,from_client; content:"GET"; http_method; content:"/pja1uy9e"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ljh.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697126/; classtype:trojan-activity;sid:84560226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697125)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique3/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697125/; classtype:trojan-activity;sid:84560225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697124)"; flow:established,from_client; content:"GET"; http_method; content:"/jpbjzt71m5.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u5q8.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697124/; classtype:trojan-activity;sid:84560224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697123)"; flow:established,from_client; content:"GET"; http_method; content:"/gfhf4xzlml.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0bn4.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697123/; classtype:trojan-activity;sid:84560223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697122)"; flow:established,from_client; content:"GET"; http_method; content:"/3h.check|3f|t=ey7ujayw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ljh.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697122/; classtype:trojan-activity;sid:84560222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697120)"; flow:established,from_client; content:"GET"; http_method; content:"/zt.check|3f|t=0f6fg9t9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"frt.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697120/; classtype:trojan-activity;sid:84560220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697121)"; flow:established,from_client; content:"GET"; http_method; content:"/8zw1n1gzna.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0bn4.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697121/; classtype:trojan-activity;sid:84560221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.127.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697119/; classtype:trojan-activity;sid:84560219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697118/; classtype:trojan-activity;sid:84560218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.242.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697117/; classtype:trojan-activity;sid:84560217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697115)"; flow:established,from_client; content:"GET"; http_method; content:"/gvpvovbu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2pq.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697115/; classtype:trojan-activity;sid:84560215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697116)"; flow:established,from_client; content:"GET"; http_method; content:"/bit587tev1.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n6q.i1msth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697116/; classtype:trojan-activity;sid:84560216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.190.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697114/; classtype:trojan-activity;sid:84560214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697113/; classtype:trojan-activity;sid:84560213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697112)"; flow:established,from_client; content:"GET"; http_method; content:"/9duzumrd1d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p8t3k.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697112/; classtype:trojan-activity;sid:84560212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697111)"; flow:established,from_client; content:"GET"; http_method; content:"/jq0.google|3f|t=wlb9oh1s"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"00x.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697111/; classtype:trojan-activity;sid:84560211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697110/; classtype:trojan-activity;sid:84560210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.105.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697109/; classtype:trojan-activity;sid:84560209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697108)"; flow:established,from_client; content:"GET"; http_method; content:"/f7.google|3f|t=uml0m3mn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x9.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697108/; classtype:trojan-activity;sid:84560208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697107)"; flow:established,from_client; content:"GET"; http_method; content:"/n2iefqzyvk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p8t3k.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697107/; classtype:trojan-activity;sid:84560207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697106)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cup7.billingfox.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697106/; classtype:trojan-activity;sid:84560206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697105)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"go4it.tarotbag.digital"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697105/; classtype:trojan-activity;sid:84560205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697104)"; flow:established,from_client; content:"GET"; http_method; content:"/qp2eo5facl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1r6.kzg-w-4y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697104/; classtype:trojan-activity;sid:84560204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697103)"; flow:established,from_client; content:"GET"; http_method; content:"/ybk.google|3f|t=eox242ll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5x.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697103/; classtype:trojan-activity;sid:84560203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697102)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"antifs.site"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697102/; classtype:trojan-activity;sid:84560202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697101)"; flow:established,from_client; content:"GET"; http_method; content:"/signalaway.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"signalaway.world"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697101/; classtype:trojan-activity;sid:84560201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697100)"; flow:established,from_client; content:"GET"; http_method; content:"/dlq/180_25e5_2586_25b0_25e9_259b_25aa_25e6_2598_259f_25e7_258e_258b_25e5_2590_2588_25e5_2587_25bb.rar"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"pk256.xin"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697100/; classtype:trojan-activity;sid:84560200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697099)"; flow:established,from_client; content:"GET"; http_method; content:"/bezprobok.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bezprobok.pro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697099/; classtype:trojan-activity;sid:84560199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697098)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=tgpebjtxdrfj2u5fjtpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"i-slept-with-ur.mom"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697098/; classtype:trojan-activity;sid:84560198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697097)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=qtuvl0pcseglafunszpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"vcc-library.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697097/; classtype:trojan-activity;sid:84560197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697096)"; flow:established,from_client; content:"GET"; http_method; content:"/dva.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.226.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697096/; classtype:trojan-activity;sid:84560196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697094)"; flow:established,from_client; content:"GET"; http_method; content:"/cz.check|3f|t=zf9lib24"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"04.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697094/; classtype:trojan-activity;sid:84560194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697095)"; flow:established,from_client; content:"GET"; http_method; content:"/tvrzkwy0xb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1r6.kzg-w-4y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697095/; classtype:trojan-activity;sid:84560195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.74.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697093/; classtype:trojan-activity;sid:84560193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.213.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697092/; classtype:trojan-activity;sid:84560192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.105.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697091/; classtype:trojan-activity;sid:84560191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697090)"; flow:established,from_client; content:"GET"; http_method; content:"/hkmqka65"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"04.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697090/; classtype:trojan-activity;sid:84560190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697089)"; flow:established,from_client; content:"GET"; http_method; content:"/zonfm995lo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u5bd1.i1msth.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697089/; classtype:trojan-activity;sid:84560189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.207.52.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697088/; classtype:trojan-activity;sid:84560188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.150.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697087/; classtype:trojan-activity;sid:84560187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.233.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697086/; classtype:trojan-activity;sid:84560186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.140.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697085/; classtype:trojan-activity;sid:84560185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.135.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697084/; classtype:trojan-activity;sid:84560184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697083/; classtype:trojan-activity;sid:84560183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.233.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697082/; classtype:trojan-activity;sid:84560182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.52.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697081/; classtype:trojan-activity;sid:84560181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697079/; classtype:trojan-activity;sid:84560179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.140.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697080/; classtype:trojan-activity;sid:84560180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697078)"; flow:established,from_client; content:"GET"; http_method; content:"/a6xrbn5uka.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n3w7a.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697078/; classtype:trojan-activity;sid:84560178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697077)"; flow:established,from_client; content:"GET"; http_method; content:"/spi.google|3f|t=v3o7udlf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"d9.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697077/; classtype:trojan-activity;sid:84560177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.76.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697076/; classtype:trojan-activity;sid:84560176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697074)"; flow:established,from_client; content:"GET"; http_method; content:"/co0nk6ihzn.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k0sj.i1msth.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697074/; classtype:trojan-activity;sid:84560174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697075)"; flow:established,from_client; content:"GET"; http_method; content:"/40f2xh01"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"d9.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697075/; classtype:trojan-activity;sid:84560175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697073/; classtype:trojan-activity;sid:84560173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.135.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697072/; classtype:trojan-activity;sid:84560172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697071)"; flow:established,from_client; content:"GET"; http_method; content:"/le9opakhea.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k0sj.i1msth.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697071/; classtype:trojan-activity;sid:84560171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697070)"; flow:established,from_client; content:"GET"; http_method; content:"/b5q7ppe5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m7.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697070/; classtype:trojan-activity;sid:84560170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.76.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697069/; classtype:trojan-activity;sid:84560169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697068/; classtype:trojan-activity;sid:84560168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697067)"; flow:established,from_client; content:"GET"; http_method; content:"/u0409oqb3y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n3w7a.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697067/; classtype:trojan-activity;sid:84560167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697066)"; flow:established,from_client; content:"GET"; http_method; content:"/8h.google|3f|t=7jotivni"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697066/; classtype:trojan-activity;sid:84560166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.74.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697065/; classtype:trojan-activity;sid:84560165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697064/; classtype:trojan-activity;sid:84560164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.121.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697063/; classtype:trojan-activity;sid:84560163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697062)"; flow:established,from_client; content:"GET"; http_method; content:"/ka345qg5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20q.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697062/; classtype:trojan-activity;sid:84560162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697061)"; flow:established,from_client; content:"GET"; http_method; content:"/z4vis9187u.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r8y.i1msth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697061/; classtype:trojan-activity;sid:84560161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697059)"; flow:established,from_client; content:"GET"; http_method; content:"/gl3jn2mkbr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r5z0t.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697059/; classtype:trojan-activity;sid:84560159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697060)"; flow:established,from_client; content:"GET"; http_method; content:"/s2.google|3f|t=giu16s8f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"20q.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697060/; classtype:trojan-activity;sid:84560160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697058/; classtype:trojan-activity;sid:84560158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697057/; classtype:trojan-activity;sid:84560157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.23.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697056/; classtype:trojan-activity;sid:84560156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.247.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697055/; classtype:trojan-activity;sid:84560155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.168.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697054/; classtype:trojan-activity;sid:84560154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697053)"; flow:established,from_client; content:"GET"; http_method; content:"/q0eq3r8e"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h93.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697053/; classtype:trojan-activity;sid:84560153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697052)"; flow:established,from_client; content:"GET"; http_method; content:"/bonavroop8.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r8y.i1msth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697052/; classtype:trojan-activity;sid:84560152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697051)"; flow:established,from_client; content:"GET"; http_method; content:"/47d.google|3f|t=qxz19a6r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h93.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697051/; classtype:trojan-activity;sid:84560151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.157.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697050/; classtype:trojan-activity;sid:84560150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697049)"; flow:established,from_client; content:"GET"; http_method; content:"/bguthxgq2q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2x8.gfk-8120.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697049/; classtype:trojan-activity;sid:84560149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697048)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/glc6psq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697048/; classtype:trojan-activity;sid:84560148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697047/; classtype:trojan-activity;sid:84560147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.32.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697046/; classtype:trojan-activity;sid:84560146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697045/; classtype:trojan-activity;sid:84560145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697043)"; flow:established,from_client; content:"GET"; http_method; content:"/0rqvup0545.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2x8.gfk-8120.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697043/; classtype:trojan-activity;sid:84560143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697044)"; flow:established,from_client; content:"GET"; http_method; content:"/qv1.check|3f|t=wq2fbjsj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ke0.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697044/; classtype:trojan-activity;sid:84560144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697042)"; flow:established,from_client; content:"GET"; http_method; content:"/b6oxmcxp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z6l.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697042/; classtype:trojan-activity;sid:84560142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697041)"; flow:established,from_client; content:"GET"; http_method; content:"/vnrtj9xzmw.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p3nkd.i1msth.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697041/; classtype:trojan-activity;sid:84560141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.184.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697040/; classtype:trojan-activity;sid:84560140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697039/; classtype:trojan-activity;sid:84560139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697038)"; flow:established,from_client; content:"GET"; http_method; content:"/0s.check|3f|t=4u4qpggx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z6l.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697038/; classtype:trojan-activity;sid:84560138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697037)"; flow:established,from_client; content:"GET"; http_method; content:"/demm5uh9yj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a7m1v.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697037/; classtype:trojan-activity;sid:84560137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697036/; classtype:trojan-activity;sid:84560136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.148.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697035/; classtype:trojan-activity;sid:84560135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.32.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697034/; classtype:trojan-activity;sid:84560134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697033)"; flow:established,from_client; content:"GET"; http_method; content:"/0kobrejl2y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h4p9q.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697033/; classtype:trojan-activity;sid:84560133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697032)"; flow:established,from_client; content:"GET"; http_method; content:"/e0.check|3f|t=4a1yxhgm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"els.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697032/; classtype:trojan-activity;sid:84560132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.125.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697031/; classtype:trojan-activity;sid:84560131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697030)"; flow:established,from_client; content:"GET"; http_method; content:"/hcwchr514x.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t9w4.i1msth.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697030/; classtype:trojan-activity;sid:84560130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697028)"; flow:established,from_client; content:"GET"; http_method; content:"/87.google|3f|t=w1fhiy5f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5i.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697028/; classtype:trojan-activity;sid:84560128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697029)"; flow:established,from_client; content:"GET"; http_method; content:"/408wt23p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wdr.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697029/; classtype:trojan-activity;sid:84560129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.184.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697027/; classtype:trojan-activity;sid:84560127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697026/; classtype:trojan-activity;sid:84560126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.140.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697025/; classtype:trojan-activity;sid:84560125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.148.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697024/; classtype:trojan-activity;sid:84560124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.22.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697023/; classtype:trojan-activity;sid:84560123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697022)"; flow:established,from_client; content:"GET"; http_method; content:"/qk79ofhx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0x0.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697022/; classtype:trojan-activity;sid:84560122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.74.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697021/; classtype:trojan-activity;sid:84560121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.221.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697020/; classtype:trojan-activity;sid:84560120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697018)"; flow:established,from_client; content:"GET"; http_method; content:"/z09iweqk93.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u0x9a.3-f72v.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697018/; classtype:trojan-activity;sid:84560118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697019)"; flow:established,from_client; content:"GET"; http_method; content:"/kq.check|3f|t=t7i2u9wb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2e.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697019/; classtype:trojan-activity;sid:84560119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697017/; classtype:trojan-activity;sid:84560117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.236.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697015/; classtype:trojan-activity;sid:84560115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.152.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697016/; classtype:trojan-activity;sid:84560116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697013)"; flow:established,from_client; content:"GET"; http_method; content:"/0q.check|3f|t=f7fuqx5x"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"aj.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697013/; classtype:trojan-activity;sid:84560113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697014)"; flow:established,from_client; content:"GET"; http_method; content:"/wie4js1mje.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c8r5q.3-f72v.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697014/; classtype:trojan-activity;sid:84560114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.22.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697012/; classtype:trojan-activity;sid:84560112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.85.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697011/; classtype:trojan-activity;sid:84560111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.60.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697008/; classtype:trojan-activity;sid:84560108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.249.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697009/; classtype:trojan-activity;sid:84560109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.87.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697010/; classtype:trojan-activity;sid:84560110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.28.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697006/; classtype:trojan-activity;sid:84560106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.124.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697007/; classtype:trojan-activity;sid:84560107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697005)"; flow:established,from_client; content:"GET"; http_method; content:"/oxxp3vva20.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1t4.3-f72v.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697005/; classtype:trojan-activity;sid:84560105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.174.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697004/; classtype:trojan-activity;sid:84560104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697001/; classtype:trojan-activity;sid:84560101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.15.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697002/; classtype:trojan-activity;sid:84560102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697003/; classtype:trojan-activity;sid:84560103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697000)"; flow:established,from_client; content:"GET"; http_method; content:"/30.google|3f|t=hfojfize"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pv.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697000/; classtype:trojan-activity;sid:84560100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696999)"; flow:established,from_client; content:"GET"; http_method; content:"/z8hqvfs68r.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2v.i1msth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696999/; classtype:trojan-activity;sid:84560099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696998)"; flow:established,from_client; content:"GET"; http_method; content:"/zned9bye"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pv.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696998/; classtype:trojan-activity;sid:84560098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696997/; classtype:trojan-activity;sid:84560097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.221.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696996/; classtype:trojan-activity;sid:84560096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696995/; classtype:trojan-activity;sid:84560095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696994)"; flow:established,from_client; content:"GET"; http_method; content:"/auk9h5epuf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k3d8n.3-f72v.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696994/; classtype:trojan-activity;sid:84560094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696993)"; flow:established,from_client; content:"GET"; http_method; content:"/f8m.google|3f|t=y3c0v94a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bh.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696993/; classtype:trojan-activity;sid:84560093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696992)"; flow:established,from_client; content:"GET"; http_method; content:"/a1l4m/2e771fb306028fabfc8e098427181f78/raw/37f3db6b29d64f1045fb60967d6297f525ddf443/iamthedanger.txt"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696992/; classtype:trojan-activity;sid:84560092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696991)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/server_upload.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696991/; classtype:trojan-activity;sid:84560091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696990)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/serverupload.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696990/; classtype:trojan-activity;sid:84560090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696989)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/host_fileupload.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696989/; classtype:trojan-activity;sid:84560089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696986)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/_serverupload.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696986/; classtype:trojan-activity;sid:84560086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696987)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/_server_upload.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696987/; classtype:trojan-activity;sid:84560087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696988)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/hostupload.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696988/; classtype:trojan-activity;sid:84560088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696985)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/raw/refs/heads/main/image.rar"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696985/; classtype:trojan-activity;sid:84560085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.29.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696984/; classtype:trojan-activity;sid:84560084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696982)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.google|3f|t=l2hza5y6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tz.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696982/; classtype:trojan-activity;sid:84560082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696983)"; flow:established,from_client; content:"GET"; http_method; content:"/f6drxigi05.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a9p7m.3-f72v.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696983/; classtype:trojan-activity;sid:84560083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696981)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/housewkk/clientphonupload.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"vqfdkhdzsgauegpvqiem.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696981/; classtype:trojan-activity;sid:84560081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696980)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/housewkk/clientrjupload(1).txt"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"vqfdkhdzsgauegpvqiem.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696980/; classtype:trojan-activity;sid:84560080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696979)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696979/; classtype:trojan-activity;sid:84560079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696978/; classtype:trojan-activity;sid:84560078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696977)"; flow:established,from_client; content:"GET"; http_method; content:"/4hxan3ssxm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l6q2.3-f72v.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696977/; classtype:trojan-activity;sid:84560077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696976)"; flow:established,from_client; content:"GET"; http_method; content:"/te.google|3f|t=c31i8any"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t0.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696976/; classtype:trojan-activity;sid:84560076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696975)"; flow:established,from_client; content:"GET"; http_method; content:"/p5jb49jz78.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c5jqq.s64lr5ok.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696975/; classtype:trojan-activity;sid:84560075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696974)"; flow:established,from_client; content:"GET"; http_method; content:"/4yhhghmi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696974/; classtype:trojan-activity;sid:84560074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696973/; classtype:trojan-activity;sid:84560073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696972)"; flow:established,from_client; content:"GET"; http_method; content:"/ou.google|3f|t=cols2d8u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tc.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696972/; classtype:trojan-activity;sid:84560072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696971/; classtype:trojan-activity;sid:84560071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696970)"; flow:established,from_client; content:"GET"; http_method; content:"/l1i1cag1og.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j4z8m.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696970/; classtype:trojan-activity;sid:84560070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696969)"; flow:established,from_client; content:"GET"; http_method; content:"/zk1egbbj7p.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yx0n.s64lr5ok.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696969/; classtype:trojan-activity;sid:84560069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696968)"; flow:established,from_client; content:"GET"; http_method; content:"/noqfhps8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tc.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696968/; classtype:trojan-activity;sid:84560068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.28.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696967/; classtype:trojan-activity;sid:84560067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696966)"; flow:established,from_client; content:"GET"; http_method; content:"/q2vx4rqa82.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j4z8m.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696966/; classtype:trojan-activity;sid:84560066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696965)"; flow:established,from_client; content:"GET"; http_method; content:"/wku.google|3f|t=ew6qba1c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7r.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696965/; classtype:trojan-activity;sid:84560065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696964/; classtype:trojan-activity;sid:84560064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696963/; classtype:trojan-activity;sid:84560063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.152.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696962/; classtype:trojan-activity;sid:84560062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.14.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696961/; classtype:trojan-activity;sid:84560061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696960/; classtype:trojan-activity;sid:84560060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696959)"; flow:established,from_client; content:"GET"; http_method; content:"/host/obfuscated%20(30).7z"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"147.124.222.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696959/; classtype:trojan-activity;sid:84560059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.248.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696958/; classtype:trojan-activity;sid:84560058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.28.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696956/; classtype:trojan-activity;sid:84560056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696957)"; flow:established,from_client; content:"GET"; http_method; content:"/view/drive-qxsq0z8v1hmi/screen|3f|fileid=60041034"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"sites.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696957/; classtype:trojan-activity;sid:84560057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696955/; classtype:trojan-activity;sid:84560055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696934)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696934/; classtype:trojan-activity;sid:84560034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696935)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696935/; classtype:trojan-activity;sid:84560035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696936)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696936/; classtype:trojan-activity;sid:84560036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696937)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696937/; classtype:trojan-activity;sid:84560037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696938)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696938/; classtype:trojan-activity;sid:84560038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696939)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696939/; classtype:trojan-activity;sid:84560039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696940)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696940/; classtype:trojan-activity;sid:84560040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696941)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696941/; classtype:trojan-activity;sid:84560041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696942)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696942/; classtype:trojan-activity;sid:84560042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696943)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696943/; classtype:trojan-activity;sid:84560043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696944)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696944/; classtype:trojan-activity;sid:84560044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696945)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696945/; classtype:trojan-activity;sid:84560045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696946)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696946/; classtype:trojan-activity;sid:84560046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696947)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696947/; classtype:trojan-activity;sid:84560047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696948)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696948/; classtype:trojan-activity;sid:84560048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696949)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696949/; classtype:trojan-activity;sid:84560049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696950)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696950/; classtype:trojan-activity;sid:84560050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696951)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696951/; classtype:trojan-activity;sid:84560051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696952)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696952/; classtype:trojan-activity;sid:84560052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696953)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696953/; classtype:trojan-activity;sid:84560053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696954)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696954/; classtype:trojan-activity;sid:84560054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696933)"; flow:established,from_client; content:"GET"; http_method; content:"/zdnqvtw8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mx.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696933/; classtype:trojan-activity;sid:84560033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696932)"; flow:established,from_client; content:"GET"; http_method; content:"/pipa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bilkaso.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696932/; classtype:trojan-activity;sid:84560032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696930)"; flow:established,from_client; content:"GET"; http_method; content:"/2bby1buglr.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zf42.s64lr5ok.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696930/; classtype:trojan-activity;sid:84560030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696931)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/taga/raw/refs/heads/main/um.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696931/; classtype:trojan-activity;sid:84560031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696929)"; flow:established,from_client; content:"GET"; http_method; content:"/host/sirrrrdeee.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"147.124.222.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696929/; classtype:trojan-activity;sid:84560029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696928)"; flow:established,from_client; content:"GET"; http_method; content:"/host/resoconto%20insoluti%20al%2031102025%20-%20attenzione%20iban.7z"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"147.124.222.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696928/; classtype:trojan-activity;sid:84560028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696927)"; flow:established,from_client; content:"GET"; http_method; content:"/xmuiibxmaw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s0h5.x625v7.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696927/; classtype:trojan-activity;sid:84560027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696926)"; flow:established,from_client; content:"GET"; http_method; content:"/4ab.check|3f|t=te1bepnr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2iz.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696926/; classtype:trojan-activity;sid:84560026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696925)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/xxxx/raw/refs/heads/main/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696925/; classtype:trojan-activity;sid:84560025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696924)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/kiljo/raw/refs/heads/main/umbral.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696924/; classtype:trojan-activity;sid:84560024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696923/; classtype:trojan-activity;sid:84560023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696919)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/svchost/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696919/; classtype:trojan-activity;sid:84560019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696920)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/xeno/raw/refs/heads/main/xenoui.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696920/; classtype:trojan-activity;sid:84560020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696921)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/injector/raw/refs/heads/main/delta_executor_private.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696921/; classtype:trojan-activity;sid:84560021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696922)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/xdwd/raw/refs/heads/main/client.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696922/; classtype:trojan-activity;sid:84560022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696918)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/zulhcuh.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696918/; classtype:trojan-activity;sid:84560018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.203.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696917/; classtype:trojan-activity;sid:84560017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.152.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696916/; classtype:trojan-activity;sid:84560016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696915/; classtype:trojan-activity;sid:84560015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696914/; classtype:trojan-activity;sid:84560014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696913/; classtype:trojan-activity;sid:84560013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696912/; classtype:trojan-activity;sid:84560012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.248.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696911/; classtype:trojan-activity;sid:84560011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.6.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696910/; classtype:trojan-activity;sid:84560010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696909)"; flow:established,from_client; content:"GET"; http_method; content:"/he2.check|3f|t=tqqqt255"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vyc.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696909/; classtype:trojan-activity;sid:84560009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696908)"; flow:established,from_client; content:"GET"; http_method; content:"/hkxkjppvhv.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a7r.s64lr5ok.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696908/; classtype:trojan-activity;sid:84560008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696906)"; flow:established,from_client; content:"GET"; http_method; content:"/cdyyi9tt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vyc.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696906/; classtype:trojan-activity;sid:84560006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696907)"; flow:established,from_client; content:"GET"; http_method; content:"/u1hh2bs3zp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e7v1n.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696907/; classtype:trojan-activity;sid:84560007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.89.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696904/; classtype:trojan-activity;sid:84560004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696905/; classtype:trojan-activity;sid:84560005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696902)"; flow:established,from_client; content:"GET"; http_method; content:"/dsj.check|3f|t=8jdlg4m7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5ha.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696902/; classtype:trojan-activity;sid:84560002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696903)"; flow:established,from_client; content:"GET"; http_method; content:"/dl7rzsp87n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e7v1n.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696903/; classtype:trojan-activity;sid:84560003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.122.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696901/; classtype:trojan-activity;sid:84560001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.10.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696900/; classtype:trojan-activity;sid:84560000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696899/; classtype:trojan-activity;sid:84559999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.248.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696898/; classtype:trojan-activity;sid:84559998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696897)"; flow:established,from_client; content:"GET"; http_method; content:"/ran5gxgqwr.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m3t8p.s64lr5ok.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696897/; classtype:trojan-activity;sid:84559997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696896)"; flow:established,from_client; content:"GET"; http_method; content:"/p9r9bl9p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"chu.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696896/; classtype:trojan-activity;sid:84559996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696895/; classtype:trojan-activity;sid:84559995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696894)"; flow:established,from_client; content:"GET"; http_method; content:"/mz8q073erd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p6m4q.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696894/; classtype:trojan-activity;sid:84559994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696893)"; flow:established,from_client; content:"GET"; http_method; content:"/n7l.google|3f|t=gfkk4nn5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"chu.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696893/; classtype:trojan-activity;sid:84559993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.21.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696892/; classtype:trojan-activity;sid:84559992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.122.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696891/; classtype:trojan-activity;sid:84559991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696890/; classtype:trojan-activity;sid:84559990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696889/; classtype:trojan-activity;sid:84559989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696888)"; flow:established,from_client; content:"GET"; http_method; content:"/cu6.check|3f|t=wl7wqmmh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xqs.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696888/; classtype:trojan-activity;sid:84559988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696887)"; flow:established,from_client; content:"GET"; http_method; content:"/22tx6w3812.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t2k8.x625v7.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696887/; classtype:trojan-activity;sid:84559987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.2.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696886/; classtype:trojan-activity;sid:84559986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696885/; classtype:trojan-activity;sid:84559985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.182.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696884/; classtype:trojan-activity;sid:84559984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.10.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696883/; classtype:trojan-activity;sid:84559983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.103.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696881/; classtype:trojan-activity;sid:84559981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.187.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696882/; classtype:trojan-activity;sid:84559982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696880/; classtype:trojan-activity;sid:84559980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696879/; classtype:trojan-activity;sid:84559979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696878)"; flow:established,from_client; content:"GET"; http_method; content:"/0qa.check|3f|t=7ci9x0tp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2zs.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696878/; classtype:trojan-activity;sid:84559978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696877)"; flow:established,from_client; content:"GET"; http_method; content:"/4apcd7a5ld.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9c3a.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696877/; classtype:trojan-activity;sid:84559977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696876)"; flow:established,from_client; content:"GET"; http_method; content:"/vm1j0cv9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2zs.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696876/; classtype:trojan-activity;sid:84559976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696875)"; flow:established,from_client; content:"GET"; http_method; content:"/youxhl3w16.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1zd.s64lr5ok.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696875/; classtype:trojan-activity;sid:84559975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696874)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.7.129.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696874/; classtype:trojan-activity;sid:84559974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696873)"; flow:established,from_client; content:"GET"; http_method; content:"/j1zvk7df1v.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1zd.s64lr5ok.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696873/; classtype:trojan-activity;sid:84559973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696872)"; flow:established,from_client; content:"GET"; http_method; content:"/2j257aij"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2z.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696872/; classtype:trojan-activity;sid:84559972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.2.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696871/; classtype:trojan-activity;sid:84559971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696870/; classtype:trojan-activity;sid:84559970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696869/; classtype:trojan-activity;sid:84559969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.187.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696867/; classtype:trojan-activity;sid:84559967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.182.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696868/; classtype:trojan-activity;sid:84559968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696866/; classtype:trojan-activity;sid:84559966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.17.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696865/; classtype:trojan-activity;sid:84559965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696863)"; flow:established,from_client; content:"GET"; http_method; content:"/lqvgrhgz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4q.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696863/; classtype:trojan-activity;sid:84559963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696864)"; flow:established,from_client; content:"GET"; http_method; content:"/qor11ohklo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v9k.s64lr5ok.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696864/; classtype:trojan-activity;sid:84559964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696862/; classtype:trojan-activity;sid:84559962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.53.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696861/; classtype:trojan-activity;sid:84559961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.236.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696860/; classtype:trojan-activity;sid:84559960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.103.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696859/; classtype:trojan-activity;sid:84559959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.113.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696858/; classtype:trojan-activity;sid:84559958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696857/; classtype:trojan-activity;sid:84559957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.182.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696856/; classtype:trojan-activity;sid:84559956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696855)"; flow:established,from_client; content:"GET"; http_method; content:"/51zy4trnc5.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3.aaty4qdy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696855/; classtype:trojan-activity;sid:84559955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696854)"; flow:established,from_client; content:"GET"; http_method; content:"/2ajg0c5i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696854/; classtype:trojan-activity;sid:84559954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.212"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696853/; classtype:trojan-activity;sid:84559953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696852)"; flow:established,from_client; content:"GET"; http_method; content:"/09icbk8v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"40.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696852/; classtype:trojan-activity;sid:84559952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696851)"; flow:established,from_client; content:"GET"; http_method; content:"/k2dro8pgkg.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3.aaty4qdy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696851/; classtype:trojan-activity;sid:84559951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696850/; classtype:trojan-activity;sid:84559950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.17.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696849/; classtype:trojan-activity;sid:84559949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696848/; classtype:trojan-activity;sid:84559948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.53.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696847/; classtype:trojan-activity;sid:84559947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696846/; classtype:trojan-activity;sid:84559946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696843/; classtype:trojan-activity;sid:84559943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696844/; classtype:trojan-activity;sid:84559944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696845/; classtype:trojan-activity;sid:84559945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696832/; classtype:trojan-activity;sid:84559932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696833/; classtype:trojan-activity;sid:84559933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696834/; classtype:trojan-activity;sid:84559934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696835/; classtype:trojan-activity;sid:84559935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696836/; classtype:trojan-activity;sid:84559936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696837/; classtype:trojan-activity;sid:84559937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696838/; classtype:trojan-activity;sid:84559938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696839/; classtype:trojan-activity;sid:84559939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696840/; classtype:trojan-activity;sid:84559940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696841/; classtype:trojan-activity;sid:84559941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696842/; classtype:trojan-activity;sid:84559942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696831/; classtype:trojan-activity;sid:84559931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.184.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696830/; classtype:trojan-activity;sid:84559930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696829/; classtype:trojan-activity;sid:84559929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696828)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696828/; classtype:trojan-activity;sid:84559928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696825)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696825/; classtype:trojan-activity;sid:84559925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696826)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696826/; classtype:trojan-activity;sid:84559926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696827)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696827/; classtype:trojan-activity;sid:84559927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696818)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696818/; classtype:trojan-activity;sid:84559918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696819)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696819/; classtype:trojan-activity;sid:84559919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696820)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696820/; classtype:trojan-activity;sid:84559920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696821)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696821/; classtype:trojan-activity;sid:84559921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696822)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696822/; classtype:trojan-activity;sid:84559922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696823)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696823/; classtype:trojan-activity;sid:84559923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696824)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696824/; classtype:trojan-activity;sid:84559924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696808)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696808/; classtype:trojan-activity;sid:84559908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696809)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696809/; classtype:trojan-activity;sid:84559909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696810)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696810/; classtype:trojan-activity;sid:84559910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696811)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696811/; classtype:trojan-activity;sid:84559911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696812)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696812/; classtype:trojan-activity;sid:84559912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696813/; classtype:trojan-activity;sid:84559913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696814/; classtype:trojan-activity;sid:84559914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696815)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696815/; classtype:trojan-activity;sid:84559915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696816)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696816/; classtype:trojan-activity;sid:84559916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696817)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696817/; classtype:trojan-activity;sid:84559917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696807)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696807/; classtype:trojan-activity;sid:84559907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696797)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696797/; classtype:trojan-activity;sid:84559897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696798/; classtype:trojan-activity;sid:84559898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696799/; classtype:trojan-activity;sid:84559899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696800)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696800/; classtype:trojan-activity;sid:84559900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696801)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696801/; classtype:trojan-activity;sid:84559901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696802)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696802/; classtype:trojan-activity;sid:84559902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696803)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696803/; classtype:trojan-activity;sid:84559903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696804/; classtype:trojan-activity;sid:84559904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696805)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696805/; classtype:trojan-activity;sid:84559905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696806)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696806/; classtype:trojan-activity;sid:84559906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696796)"; flow:established,from_client; content:"GET"; http_method; content:"/j31wpxpmpd.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qm8.aaty4qdy.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696796/; classtype:trojan-activity;sid:84559896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.198.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696786/; classtype:trojan-activity;sid:84559886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696787)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696787/; classtype:trojan-activity;sid:84559887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696788)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696788/; classtype:trojan-activity;sid:84559888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696789)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696789/; classtype:trojan-activity;sid:84559889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696790)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696790/; classtype:trojan-activity;sid:84559890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696791)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696791/; classtype:trojan-activity;sid:84559891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696792)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696792/; classtype:trojan-activity;sid:84559892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696793)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696793/; classtype:trojan-activity;sid:84559893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696794)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696794/; classtype:trojan-activity;sid:84559894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696795)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696795/; classtype:trojan-activity;sid:84559895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696776/; classtype:trojan-activity;sid:84559876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696777/; classtype:trojan-activity;sid:84559877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696778/; classtype:trojan-activity;sid:84559878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696779/; classtype:trojan-activity;sid:84559879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696780/; classtype:trojan-activity;sid:84559880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696781/; classtype:trojan-activity;sid:84559881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696782/; classtype:trojan-activity;sid:84559882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696783/; classtype:trojan-activity;sid:84559883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696784)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696784/; classtype:trojan-activity;sid:84559884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.116.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696785/; classtype:trojan-activity;sid:84559885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696775)"; flow:established,from_client; content:"GET"; http_method; content:"/yqn57u1g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5j.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696775/; classtype:trojan-activity;sid:84559875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696774)"; flow:established,from_client; content:"GET"; http_method; content:"/i6x84l7lwv.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1x.aaty4qdy.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696774/; classtype:trojan-activity;sid:84559874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696773)"; flow:established,from_client; content:"GET"; http_method; content:"/a21qyava"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3d.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696773/; classtype:trojan-activity;sid:84559873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696770/; classtype:trojan-activity;sid:84559870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696771/; classtype:trojan-activity;sid:84559871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696772/; classtype:trojan-activity;sid:84559872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696768/; classtype:trojan-activity;sid:84559868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696769/; classtype:trojan-activity;sid:84559869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696766/; classtype:trojan-activity;sid:84559866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696767/; classtype:trojan-activity;sid:84559867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696755/; classtype:trojan-activity;sid:84559855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696756/; classtype:trojan-activity;sid:84559856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696757/; classtype:trojan-activity;sid:84559857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696758/; classtype:trojan-activity;sid:84559858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696759/; classtype:trojan-activity;sid:84559859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696760/; classtype:trojan-activity;sid:84559860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696761/; classtype:trojan-activity;sid:84559861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696762/; classtype:trojan-activity;sid:84559862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696763/; classtype:trojan-activity;sid:84559863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696764/; classtype:trojan-activity;sid:84559864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696765/; classtype:trojan-activity;sid:84559865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696750/; classtype:trojan-activity;sid:84559850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.56.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696751/; classtype:trojan-activity;sid:84559851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696752/; classtype:trojan-activity;sid:84559852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696753/; classtype:trojan-activity;sid:84559853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696754/; classtype:trojan-activity;sid:84559854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696749)"; flow:established,from_client; content:"GET"; http_method; content:"/0krhsmjnxy.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1x.aaty4qdy.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696749/; classtype:trojan-activity;sid:84559849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696748)"; flow:established,from_client; content:"GET"; http_method; content:"/ipggaa2c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dp.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696748/; classtype:trojan-activity;sid:84559848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696747/; classtype:trojan-activity;sid:84559847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.80.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696746/; classtype:trojan-activity;sid:84559846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696745/; classtype:trojan-activity;sid:84559845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696742/; classtype:trojan-activity;sid:84559842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.armv7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696743/; classtype:trojan-activity;sid:84559843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696744/; classtype:trojan-activity;sid:84559844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696741/; classtype:trojan-activity;sid:84559841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696736/; classtype:trojan-activity;sid:84559836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696737/; classtype:trojan-activity;sid:84559837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696738/; classtype:trojan-activity;sid:84559838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696739/; classtype:trojan-activity;sid:84559839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696740/; classtype:trojan-activity;sid:84559840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.184.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696734/; classtype:trojan-activity;sid:84559834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696735/; classtype:trojan-activity;sid:84559835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696733/; classtype:trojan-activity;sid:84559833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696731/; classtype:trojan-activity;sid:84559831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.armv7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696732/; classtype:trojan-activity;sid:84559832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696725/; classtype:trojan-activity;sid:84559825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696726/; classtype:trojan-activity;sid:84559826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696727/; classtype:trojan-activity;sid:84559827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696728/; classtype:trojan-activity;sid:84559828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696729/; classtype:trojan-activity;sid:84559829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696730/; classtype:trojan-activity;sid:84559830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696724/; classtype:trojan-activity;sid:84559824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696723)"; flow:established,from_client; content:"GET"; http_method; content:"/g5e1vmv4tb.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h4.aaty4qdy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696723/; classtype:trojan-activity;sid:84559823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696722)"; flow:established,from_client; content:"GET"; http_method; content:"/houzqdxm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"oos.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696722/; classtype:trojan-activity;sid:84559822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696721/; classtype:trojan-activity;sid:84559821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696720/; classtype:trojan-activity;sid:84559820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696719)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696719/; classtype:trojan-activity;sid:84559819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696717/; classtype:trojan-activity;sid:84559817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696718/; classtype:trojan-activity;sid:84559818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696715/; classtype:trojan-activity;sid:84559815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696716/; classtype:trojan-activity;sid:84559816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696714/; classtype:trojan-activity;sid:84559814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696711/; classtype:trojan-activity;sid:84559811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696712/; classtype:trojan-activity;sid:84559812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696713/; classtype:trojan-activity;sid:84559813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696702/; classtype:trojan-activity;sid:84559802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696703/; classtype:trojan-activity;sid:84559803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.armv7a"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696704/; classtype:trojan-activity;sid:84559804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.armv7a"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696705/; classtype:trojan-activity;sid:84559805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696706/; classtype:trojan-activity;sid:84559806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696707/; classtype:trojan-activity;sid:84559807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696708/; classtype:trojan-activity;sid:84559808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696709/; classtype:trojan-activity;sid:84559809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696710/; classtype:trojan-activity;sid:84559810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696699/; classtype:trojan-activity;sid:84559799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696700/; classtype:trojan-activity;sid:84559800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696701/; classtype:trojan-activity;sid:84559801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696694/; classtype:trojan-activity;sid:84559794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696695/; classtype:trojan-activity;sid:84559795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696696/; classtype:trojan-activity;sid:84559796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696697/; classtype:trojan-activity;sid:84559797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696698/; classtype:trojan-activity;sid:84559798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696691/; classtype:trojan-activity;sid:84559791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696692/; classtype:trojan-activity;sid:84559792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696693/; classtype:trojan-activity;sid:84559793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696690/; classtype:trojan-activity;sid:84559790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696689/; classtype:trojan-activity;sid:84559789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696670/; classtype:trojan-activity;sid:84559770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696671/; classtype:trojan-activity;sid:84559771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696672/; classtype:trojan-activity;sid:84559772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696673/; classtype:trojan-activity;sid:84559773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696674/; classtype:trojan-activity;sid:84559774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696675/; classtype:trojan-activity;sid:84559775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696676/; classtype:trojan-activity;sid:84559776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696677/; classtype:trojan-activity;sid:84559777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.armv7a"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696678/; classtype:trojan-activity;sid:84559778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.armv7a"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696679/; classtype:trojan-activity;sid:84559779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696680/; classtype:trojan-activity;sid:84559780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696681/; classtype:trojan-activity;sid:84559781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696682/; classtype:trojan-activity;sid:84559782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696683/; classtype:trojan-activity;sid:84559783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696684/; classtype:trojan-activity;sid:84559784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696685/; classtype:trojan-activity;sid:84559785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696686/; classtype:trojan-activity;sid:84559786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696687/; classtype:trojan-activity;sid:84559787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696688/; classtype:trojan-activity;sid:84559788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696669/; classtype:trojan-activity;sid:84559769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696668)"; flow:established,from_client; content:"GET"; http_method; content:"/uawjfujz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rg7.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696668/; classtype:trojan-activity;sid:84559768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696667)"; flow:established,from_client; content:"GET"; http_method; content:"/8wapx9cf8s.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.o4-lq-8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696667/; classtype:trojan-activity;sid:84559767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.56.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696666/; classtype:trojan-activity;sid:84559766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696665)"; flow:established,from_client; content:"GET"; http_method; content:"/allz6khg9y.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.o4-lq-8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696665/; classtype:trojan-activity;sid:84559765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696664)"; flow:established,from_client; content:"GET"; http_method; content:"/2hs9xiqk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"415.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696664/; classtype:trojan-activity;sid:84559764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.51.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696663/; classtype:trojan-activity;sid:84559763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696662/; classtype:trojan-activity;sid:84559762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696661)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.227.152.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696661/; classtype:trojan-activity;sid:84559761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696660)"; flow:established,from_client; content:"GET"; http_method; content:"/415xkwje"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5fw.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696660/; classtype:trojan-activity;sid:84559760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696659)"; flow:established,from_client; content:"GET"; http_method; content:"/6abqcf17jo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wq0.o4-lq-8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696659/; classtype:trojan-activity;sid:84559759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696658/; classtype:trojan-activity;sid:84559758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696652/; classtype:trojan-activity;sid:84559752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696653/; classtype:trojan-activity;sid:84559753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696654/; classtype:trojan-activity;sid:84559754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696655/; classtype:trojan-activity;sid:84559755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696656/; classtype:trojan-activity;sid:84559756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696657/; classtype:trojan-activity;sid:84559757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696651/; classtype:trojan-activity;sid:84559751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696650/; classtype:trojan-activity;sid:84559750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696646/; classtype:trojan-activity;sid:84559746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696647/; classtype:trojan-activity;sid:84559747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696648/; classtype:trojan-activity;sid:84559748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696649/; classtype:trojan-activity;sid:84559749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696645/; classtype:trojan-activity;sid:84559745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696644)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/zulhcuh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696644/; classtype:trojan-activity;sid:84559744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696643)"; flow:established,from_client; content:"GET"; http_method; content:"/ci9fms4mvo.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2p1.k5gc56.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696643/; classtype:trojan-activity;sid:84559743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696642)"; flow:established,from_client; content:"GET"; http_method; content:"/lmn.check|3f|t=noh55rcw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3dw.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696642/; classtype:trojan-activity;sid:84559742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696641)"; flow:established,from_client; content:"GET"; http_method; content:"/files/smm_traff/random.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696641/; classtype:trojan-activity;sid:84559741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696640/; classtype:trojan-activity;sid:84559740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696639)"; flow:established,from_client; content:"GET"; http_method; content:"/x.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"172.245.27.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696639/; classtype:trojan-activity;sid:84559739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696638)"; flow:established,from_client; content:"GET"; http_method; content:"/xtest.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.245.27.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696638/; classtype:trojan-activity;sid:84559738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696637)"; flow:established,from_client; content:"GET"; http_method; content:"/xeno.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.245.27.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696637/; classtype:trojan-activity;sid:84559737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696636)"; flow:established,from_client; content:"GET"; http_method; content:"/0iwra2eck4.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2p1.k5gc56.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696636/; classtype:trojan-activity;sid:84559736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696635)"; flow:established,from_client; content:"GET"; http_method; content:"/lko.google|3f|t=a56w95vm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"npl.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696635/; classtype:trojan-activity;sid:84559735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.198.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696634/; classtype:trojan-activity;sid:84559734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.146.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696633/; classtype:trojan-activity;sid:84559733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696632)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68546543.tarotbag.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696632/; classtype:trojan-activity;sid:84559732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696631)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.142.159.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696631/; classtype:trojan-activity;sid:84559731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696630)"; flow:established,from_client; content:"GET"; http_method; content:"/hfvrc2vovd.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c7z.o4-lq-8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696630/; classtype:trojan-activity;sid:84559730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696629)"; flow:established,from_client; content:"GET"; http_method; content:"/3guv1po9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c8n.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696629/; classtype:trojan-activity;sid:84559729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696627)"; flow:established,from_client; content:"GET"; http_method; content:"/3m.check|3f|t=mzi19f1a"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"c8n.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696627/; classtype:trojan-activity;sid:84559727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696628)"; flow:established,from_client; content:"GET"; http_method; content:"/j9yaa93ugd.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3xk.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696628/; classtype:trojan-activity;sid:84559728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696626)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696626/; classtype:trojan-activity;sid:84559726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696625)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696625/; classtype:trojan-activity;sid:84559725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696624)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696624/; classtype:trojan-activity;sid:84559724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696623)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696623/; classtype:trojan-activity;sid:84559723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696622)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696622/; classtype:trojan-activity;sid:84559722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696621)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.check|3f|t=fqqs4uiw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"v1i.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696621/; classtype:trojan-activity;sid:84559721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696620)"; flow:established,from_client; content:"GET"; http_method; content:"/iu5yfvovof.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qa9.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696620/; classtype:trojan-activity;sid:84559720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.220.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696619/; classtype:trojan-activity;sid:84559719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696618)"; flow:established,from_client; content:"GET"; http_method; content:"/l/msteams.msi"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696618/; classtype:trojan-activity;sid:84559718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696617)"; flow:established,from_client; content:"GET"; http_method; content:"/l/msteams.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696617/; classtype:trojan-activity;sid:84559717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696616)"; flow:established,from_client; content:"GET"; http_method; content:"/pyank/pyan.wsf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"significant-adopted-bearing-own.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696616/; classtype:trojan-activity;sid:84559716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696614)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/tyma.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696614/; classtype:trojan-activity;sid:84559714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696615)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb2wsf/4/5/6/kola.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696615/; classtype:trojan-activity;sid:84559715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696613)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/1/2/3/tyma.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696613/; classtype:trojan-activity;sid:84559713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696612)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb3wsf/7/8/9/uju.wsf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696612/; classtype:trojan-activity;sid:84559712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696611)"; flow:established,from_client; content:"GET"; http_method; content:"/w1pp/r503749j637r01.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696611/; classtype:trojan-activity;sid:84559711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696610)"; flow:established,from_client; content:"GET"; http_method; content:"/rup/re-5704937421.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696610/; classtype:trojan-activity;sid:84559710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696609)"; flow:established,from_client; content:"GET"; http_method; content:"/wya/r537js829031.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696609/; classtype:trojan-activity;sid:84559709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.37.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696608/; classtype:trojan-activity;sid:84559708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696607)"; flow:established,from_client; content:"GET"; http_method; content:"/pbg2vayc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b9w.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696607/; classtype:trojan-activity;sid:84559707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.216.227.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696606/; classtype:trojan-activity;sid:84559706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.226.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696605/; classtype:trojan-activity;sid:84559705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696604)"; flow:established,from_client; content:"GET"; http_method; content:"/0c.google|3f|t=c7c1j2ma"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b9w.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696604/; classtype:trojan-activity;sid:84559704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696603)"; flow:established,from_client; content:"GET"; http_method; content:"/oi876khsli.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qa9.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696603/; classtype:trojan-activity;sid:84559703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.146.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696602/; classtype:trojan-activity;sid:84559702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696601)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/hcbsxxl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696601/; classtype:trojan-activity;sid:84559701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696600)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696600/; classtype:trojan-activity;sid:84559700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.182.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696599/; classtype:trojan-activity;sid:84559699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696597)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696597/; classtype:trojan-activity;sid:84559697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696598)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696598/; classtype:trojan-activity;sid:84559698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696596)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696596/; classtype:trojan-activity;sid:84559696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696595)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696595/; classtype:trojan-activity;sid:84559695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696594)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696594/; classtype:trojan-activity;sid:84559694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696590)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696590/; classtype:trojan-activity;sid:84559690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696591)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696591/; classtype:trojan-activity;sid:84559691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696592)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696592/; classtype:trojan-activity;sid:84559692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696593)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696593/; classtype:trojan-activity;sid:84559693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696588)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696588/; classtype:trojan-activity;sid:84559688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696589)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696589/; classtype:trojan-activity;sid:84559689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.22.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696587/; classtype:trojan-activity;sid:84559687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696586)"; flow:established,from_client; content:"GET"; http_method; content:"/z53ai62ysq.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zv04.k5gc56.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696586/; classtype:trojan-activity;sid:84559686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696585)"; flow:established,from_client; content:"GET"; http_method; content:"/7x.google|3f|t=vf47ylic"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z7.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696585/; classtype:trojan-activity;sid:84559685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696584)"; flow:established,from_client; content:"GET"; http_method; content:"/ozpzgdq31s.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n2.o4-lq-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696584/; classtype:trojan-activity;sid:84559684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696583)"; flow:established,from_client; content:"GET"; http_method; content:"/gqheao0y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z7.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696583/; classtype:trojan-activity;sid:84559683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.104.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696582/; classtype:trojan-activity;sid:84559682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.93.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696580/; classtype:trojan-activity;sid:84559680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.50.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696581/; classtype:trojan-activity;sid:84559681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.153.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696574/; classtype:trojan-activity;sid:84559674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.180.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696575/; classtype:trojan-activity;sid:84559675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.13.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696576/; classtype:trojan-activity;sid:84559676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.43.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696577/; classtype:trojan-activity;sid:84559677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.205.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696578/; classtype:trojan-activity;sid:84559678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696579/; classtype:trojan-activity;sid:84559679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.220.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696573/; classtype:trojan-activity;sid:84559673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696572/; classtype:trojan-activity;sid:84559672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696570)"; flow:established,from_client; content:"GET"; http_method; content:"/chromeupdate.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.38.251.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696570/; classtype:trojan-activity;sid:84559670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696569)"; flow:established,from_client; content:"GET"; http_method; content:"/rabtxaayt5.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zv04.k5gc56.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696569/; classtype:trojan-activity;sid:84559669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696568)"; flow:established,from_client; content:"GET"; http_method; content:"/tma.google|3f|t=see83ioy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w9.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696568/; classtype:trojan-activity;sid:84559668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.227.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696567/; classtype:trojan-activity;sid:84559667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.142.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696566/; classtype:trojan-activity;sid:84559666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.12.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696565/; classtype:trojan-activity;sid:84559665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.90.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696564/; classtype:trojan-activity;sid:84559664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696563)"; flow:established,from_client; content:"GET"; http_method; content:"/rcybrkep5w.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1m.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696563/; classtype:trojan-activity;sid:84559663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696562)"; flow:established,from_client; content:"GET"; http_method; content:"/y7.check|3f|t=mox00hpb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"8q.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696562/; classtype:trojan-activity;sid:84559662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696560/; classtype:trojan-activity;sid:84559660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.182.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696561/; classtype:trojan-activity;sid:84559661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696559)"; flow:established,from_client; content:"GET"; http_method; content:"/81bbx7xgo8.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1m.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696559/; classtype:trojan-activity;sid:84559659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696558)"; flow:established,from_client; content:"GET"; http_method; content:"/9jw.google|3f|t=omolbqv3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2j.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696558/; classtype:trojan-activity;sid:84559658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696557)"; flow:established,from_client; content:"GET"; http_method; content:"/ot02kl0zck.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1w.p-72h.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696557/; classtype:trojan-activity;sid:84559657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696556)"; flow:established,from_client; content:"GET"; http_method; content:"/ud51y88n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2j.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696556/; classtype:trojan-activity;sid:84559656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.104.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696555/; classtype:trojan-activity;sid:84559655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.22.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696554/; classtype:trojan-activity;sid:84559654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.12.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696553/; classtype:trojan-activity;sid:84559653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696552)"; flow:established,from_client; content:"GET"; http_method; content:"/unbv41hupd.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g8.k5gc56.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696552/; classtype:trojan-activity;sid:84559652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696550)"; flow:established,from_client; content:"GET"; http_method; content:"/zouwe66v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hc.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696550/; classtype:trojan-activity;sid:84559650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696551)"; flow:established,from_client; content:"GET"; http_method; content:"/838hs5pqcf.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.p-72h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696551/; classtype:trojan-activity;sid:84559651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696549)"; flow:established,from_client; content:"GET"; http_method; content:"/aqw.check|3f|t=dx2zfath"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hc.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696549/; classtype:trojan-activity;sid:84559649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.42.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696548/; classtype:trojan-activity;sid:84559648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696547)"; flow:established,from_client; content:"GET"; http_method; content:"/e575ydadwq.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.p-72h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696547/; classtype:trojan-activity;sid:84559647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696546)"; flow:established,from_client; content:"GET"; http_method; content:"/wwa8u1xl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fo.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696546/; classtype:trojan-activity;sid:84559646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696545/; classtype:trojan-activity;sid:84559645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696544/; classtype:trojan-activity;sid:84559644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696543)"; flow:established,from_client; content:"GET"; http_method; content:"/lh.check|3f|t=vugr5idy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"7b.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696543/; classtype:trojan-activity;sid:84559643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696542)"; flow:established,from_client; content:"GET"; http_method; content:"/e71dbugj68.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zq9.p-72h.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696542/; classtype:trojan-activity;sid:84559642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696541)"; flow:established,from_client; content:"GET"; http_method; content:"/odvghvv8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7b.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696541/; classtype:trojan-activity;sid:84559641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696540)"; flow:established,from_client; content:"GET"; http_method; content:"/imcuming.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696540/; classtype:trojan-activity;sid:84559640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696539)"; flow:established,from_client; content:"GET"; http_method; content:"/rg841jyz22.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w6.dae017f.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696539/; classtype:trojan-activity;sid:84559639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696538)"; flow:established,from_client; content:"GET"; http_method; content:"/9to.check|3f|t=bjih5dh5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s9.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696538/; classtype:trojan-activity;sid:84559638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696537)"; flow:established,from_client; content:"GET"; http_method; content:"/nvd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.27.140.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696537/; classtype:trojan-activity;sid:84559637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696536)"; flow:established,from_client; content:"GET"; http_method; content:"/urrnj8af44.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k3.p-72h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696536/; classtype:trojan-activity;sid:84559636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696535)"; flow:established,from_client; content:"GET"; http_method; content:"/7sg2is7j"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s9.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696535/; classtype:trojan-activity;sid:84559635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696534)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696534/; classtype:trojan-activity;sid:84559634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696533)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696533/; classtype:trojan-activity;sid:84559633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696531)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696531/; classtype:trojan-activity;sid:84559631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696532)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696532/; classtype:trojan-activity;sid:84559632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696529)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696529/; classtype:trojan-activity;sid:84559629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696530)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696530/; classtype:trojan-activity;sid:84559630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696528)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696528/; classtype:trojan-activity;sid:84559628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696526)"; flow:established,from_client; content:"GET"; http_method; content:"/oyc.google|3f|t=8386bce6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p3.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696526/; classtype:trojan-activity;sid:84559626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696527)"; flow:established,from_client; content:"GET"; http_method; content:"/pu6s4iql0q.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r0t2.dae017f.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696527/; classtype:trojan-activity;sid:84559627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696525/; classtype:trojan-activity;sid:84559625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696523)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696523/; classtype:trojan-activity;sid:84559623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696524)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696524/; classtype:trojan-activity;sid:84559624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696522)"; flow:established,from_client; content:"GET"; http_method; content:"/ootkbw100t.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r0t2.dae017f.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696522/; classtype:trojan-activity;sid:84559622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696521)"; flow:established,from_client; content:"GET"; http_method; content:"/f5.check|3f|t=ro976srf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"i8.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696521/; classtype:trojan-activity;sid:84559621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696520)"; flow:established,from_client; content:"GET"; http_method; content:"/d0ucyv5s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"i8.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696520/; classtype:trojan-activity;sid:84559620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.172.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696519/; classtype:trojan-activity;sid:84559619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.88.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696518/; classtype:trojan-activity;sid:84559618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.196.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696517/; classtype:trojan-activity;sid:84559617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696516)"; flow:established,from_client; content:"GET"; http_method; content:"/ciu73x327w.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d5.a-4n66k4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696516/; classtype:trojan-activity;sid:84559616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696515)"; flow:established,from_client; content:"GET"; http_method; content:"/09p2gswx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dnb.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696515/; classtype:trojan-activity;sid:84559615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.37.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696514/; classtype:trojan-activity;sid:84559614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696512)"; flow:established,from_client; content:"GET"; http_method; content:"/45n.check|3f|t=t7nin0qs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dnb.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696512/; classtype:trojan-activity;sid:84559612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696513)"; flow:established,from_client; content:"GET"; http_method; content:"/vm1p8we3ar.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7nb.dae017f.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696513/; classtype:trojan-activity;sid:84559613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696511/; classtype:trojan-activity;sid:84559611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696510)"; flow:established,from_client; content:"GET"; http_method; content:"/lc4tpcvc3b.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b7k2.a-4n66k4.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696510/; classtype:trojan-activity;sid:84559610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696509)"; flow:established,from_client; content:"GET"; http_method; content:"/eev375e1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2xe.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696509/; classtype:trojan-activity;sid:84559609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.21.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696508/; classtype:trojan-activity;sid:84559608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696507/; classtype:trojan-activity;sid:84559607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.134.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696506/; classtype:trojan-activity;sid:84559606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696500)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696500/; classtype:trojan-activity;sid:84559600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696501)"; flow:established,from_client; content:"GET"; http_method; content:"/gomips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696501/; classtype:trojan-activity;sid:84559601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696502)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696502/; classtype:trojan-activity;sid:84559602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696503)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696503/; classtype:trojan-activity;sid:84559603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696504)"; flow:established,from_client; content:"GET"; http_method; content:"/gompsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696504/; classtype:trojan-activity;sid:84559604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696505)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696505/; classtype:trojan-activity;sid:84559605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696499)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696499/; classtype:trojan-activity;sid:84559599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696497)"; flow:established,from_client; content:"GET"; http_method; content:"/94f.google|3f|t=8niwaslz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oka.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696497/; classtype:trojan-activity;sid:84559597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696498)"; flow:established,from_client; content:"GET"; http_method; content:"/t650s6r49n.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7nb.dae017f.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696498/; classtype:trojan-activity;sid:84559598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.67.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696496/; classtype:trojan-activity;sid:84559596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.21.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696495/; classtype:trojan-activity;sid:84559595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696494)"; flow:established,from_client; content:"GET"; http_method; content:"/etxi0hua0c.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x0p.a-4n66k4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696494/; classtype:trojan-activity;sid:84559594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696493)"; flow:established,from_client; content:"GET"; http_method; content:"/c5anv2oq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"el4.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696493/; classtype:trojan-activity;sid:84559593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696492/; classtype:trojan-activity;sid:84559592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.26.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696491/; classtype:trojan-activity;sid:84559591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.196.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696490/; classtype:trojan-activity;sid:84559590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696489)"; flow:established,from_client; content:"GET"; http_method; content:"/jzr7i56fvy.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pj1.dae017f.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696489/; classtype:trojan-activity;sid:84559589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696488)"; flow:established,from_client; content:"GET"; http_method; content:"/au.check|3f|t=kd2f5o8l"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"el4.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696488/; classtype:trojan-activity;sid:84559588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.75.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696486/; classtype:trojan-activity;sid:84559586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.221.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696487/; classtype:trojan-activity;sid:84559587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696485)"; flow:established,from_client; content:"GET"; http_method; content:"/ujn.check|3f|t=ociouffd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iaz.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696485/; classtype:trojan-activity;sid:84559585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696484/; classtype:trojan-activity;sid:84559584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696483)"; flow:established,from_client; content:"GET"; http_method; content:"/x2h2vs2vx3.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xq9.dae017f.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696483/; classtype:trojan-activity;sid:84559583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.176.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696482/; classtype:trojan-activity;sid:84559582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.72.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696481/; classtype:trojan-activity;sid:84559581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696480)"; flow:established,from_client; content:"GET"; http_method; content:"/z2h1xo792r.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c4.dae017f.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696480/; classtype:trojan-activity;sid:84559580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696479)"; flow:established,from_client; content:"GET"; http_method; content:"/ze.google|3f|t=2mjelzqq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uqy.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696479/; classtype:trojan-activity;sid:84559579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696478)"; flow:established,from_client; content:"GET"; http_method; content:"/isb03hje4q.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.2u-gd2ml.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696478/; classtype:trojan-activity;sid:84559578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696477)"; flow:established,from_client; content:"GET"; http_method; content:"/83cgj4jo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uqy.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696477/; classtype:trojan-activity;sid:84559577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.26.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696476/; classtype:trojan-activity;sid:84559576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696475)"; flow:established,from_client; content:"GET"; http_method; content:"/j4vwo7v5o7.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c4.dae017f.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696475/; classtype:trojan-activity;sid:84559575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696474)"; flow:established,from_client; content:"GET"; http_method; content:"/82.google|3f|t=2sr8vqra"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ua7.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696474/; classtype:trojan-activity;sid:84559574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.221.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696473/; classtype:trojan-activity;sid:84559573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.116.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696471/; classtype:trojan-activity;sid:84559571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696472/; classtype:trojan-activity;sid:84559572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696470/; classtype:trojan-activity;sid:84559570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696469)"; flow:established,from_client; content:"GET"; http_method; content:"/gn4t3ouiiv.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p9y1.j6e-0g-7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696469/; classtype:trojan-activity;sid:84559569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.170.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696468/; classtype:trojan-activity;sid:84559568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696467)"; flow:established,from_client; content:"GET"; http_method; content:"/8iu600pp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3vo.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696467/; classtype:trojan-activity;sid:84559567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696465)"; flow:established,from_client; content:"GET"; http_method; content:"/nqm.google|3f|t=bfdkrz2x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3vo.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696465/; classtype:trojan-activity;sid:84559565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696466)"; flow:established,from_client; content:"GET"; http_method; content:"/yr80ckbxsx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ty.2bj82sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696466/; classtype:trojan-activity;sid:84559566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696464)"; flow:established,from_client; content:"GET"; http_method; content:"/cxb2hpfl99.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a0p2.2bj82sg.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696464/; classtype:trojan-activity;sid:84559564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696463)"; flow:established,from_client; content:"GET"; http_method; content:"/z9v.google|3f|t=2wxh1249"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"0m.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696463/; classtype:trojan-activity;sid:84559563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696462)"; flow:established,from_client; content:"GET"; http_method; content:"/qcsemgja9j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a0p2.2bj82sg.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696462/; classtype:trojan-activity;sid:84559562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696461)"; flow:established,from_client; content:"GET"; http_method; content:"/om6.google|3f|t=89xxzu03"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t5.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696461/; classtype:trojan-activity;sid:84559561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696459/; classtype:trojan-activity;sid:84559559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.40.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696460/; classtype:trojan-activity;sid:84559560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696458)"; flow:established,from_client; content:"GET"; http_method; content:"/03e6mp4aw9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mzr.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696458/; classtype:trojan-activity;sid:84559558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696457)"; flow:established,from_client; content:"GET"; http_method; content:"/g7.check|3f|t=6961e9hy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"b3.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696457/; classtype:trojan-activity;sid:84559557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696456)"; flow:established,from_client; content:"GET"; http_method; content:"/0m5fwb17tt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v93.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696456/; classtype:trojan-activity;sid:84559556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696455)"; flow:established,from_client; content:"GET"; http_method; content:"/kimfqqqzsn.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.q8-v-4of.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696455/; classtype:trojan-activity;sid:84559555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696453)"; flow:established,from_client; content:"GET"; http_method; content:"/n38w844m"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hk.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696453/; classtype:trojan-activity;sid:84559553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696454)"; flow:established,from_client; content:"GET"; http_method; content:"/iog.google|3f|t=l7ctbc8w"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hk.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696454/; classtype:trojan-activity;sid:84559554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.246.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696452/; classtype:trojan-activity;sid:84559552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.10.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696451/; classtype:trojan-activity;sid:84559551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696449/; classtype:trojan-activity;sid:84559549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.103.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696450/; classtype:trojan-activity;sid:84559550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696447)"; flow:established,from_client; content:"GET"; http_method; content:"/0h.check|3f|t=kgnx2clu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oc.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696447/; classtype:trojan-activity;sid:84559547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696448)"; flow:established,from_client; content:"GET"; http_method; content:"/vnx34z3ktv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v93.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696448/; classtype:trojan-activity;sid:84559548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.254.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696446/; classtype:trojan-activity;sid:84559546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.40.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696445/; classtype:trojan-activity;sid:84559545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.225.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696444/; classtype:trojan-activity;sid:84559544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696443/; classtype:trojan-activity;sid:84559543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696442/; classtype:trojan-activity;sid:84559542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696441)"; flow:established,from_client; content:"GET"; http_method; content:"/pppoeb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.255.110.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696441/; classtype:trojan-activity;sid:84559541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696440)"; flow:established,from_client; content:"GET"; http_method; content:"/mwah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.110.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696440/; classtype:trojan-activity;sid:84559540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696439)"; flow:established,from_client; content:"GET"; http_method; content:"/n24r8y0j0q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1k.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696439/; classtype:trojan-activity;sid:84559539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696438)"; flow:established,from_client; content:"GET"; http_method; content:"/5l.google|3f|t=y3niq54g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7x.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696438/; classtype:trojan-activity;sid:84559538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696437)"; flow:established,from_client; content:"GET"; http_method; content:"/szbcq67h5t.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z9q.q8-v-4of.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696437/; classtype:trojan-activity;sid:84559537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696436)"; flow:established,from_client; content:"GET"; http_method; content:"/wdogsm19"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7x.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696436/; classtype:trojan-activity;sid:84559536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696435/; classtype:trojan-activity;sid:84559535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.103.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696434/; classtype:trojan-activity;sid:84559534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696433)"; flow:established,from_client; content:"GET"; http_method; content:"/uewmswontc.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z9q.q8-v-4of.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696433/; classtype:trojan-activity;sid:84559533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696432)"; flow:established,from_client; content:"GET"; http_method; content:"/odlu86ro"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9q.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696432/; classtype:trojan-activity;sid:84559532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696430)"; flow:established,from_client; content:"GET"; http_method; content:"/ufwozfzbrx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1k.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696430/; classtype:trojan-activity;sid:84559530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696431)"; flow:established,from_client; content:"GET"; http_method; content:"/qv.check|3f|t=0v6n8438"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9q.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696431/; classtype:trojan-activity;sid:84559531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696429/; classtype:trojan-activity;sid:84559529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.254.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696428/; classtype:trojan-activity;sid:84559528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696427/; classtype:trojan-activity;sid:84559527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696426)"; flow:established,from_client; content:"GET"; http_method; content:"/30ae2ms7g8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.2bj82sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696426/; classtype:trojan-activity;sid:84559526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696425)"; flow:established,from_client; content:"GET"; http_method; content:"/dj.google|3f|t=ee3hqldb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4jb.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696425/; classtype:trojan-activity;sid:84559525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.65.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696424/; classtype:trojan-activity;sid:84559524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696422)"; flow:established,from_client; content:"GET"; http_method; content:"/nppcdpxa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4jb.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696422/; classtype:trojan-activity;sid:84559522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696423)"; flow:established,from_client; content:"GET"; http_method; content:"/i85jf5g4wt.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2.q8-v-4of.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696423/; classtype:trojan-activity;sid:84559523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696421)"; flow:established,from_client; content:"GET"; http_method; content:"/ao0ufoud1j.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k0fj3.k9-2g8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696421/; classtype:trojan-activity;sid:84559521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696419)"; flow:established,from_client; content:"GET"; http_method; content:"/828xtejf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"it4.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696419/; classtype:trojan-activity;sid:84559519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696420)"; flow:established,from_client; content:"GET"; http_method; content:"/zpg6tnygne.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.2bj82sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696420/; classtype:trojan-activity;sid:84559520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696418)"; flow:established,from_client; content:"GET"; http_method; content:"/nsd.check|3f|t=tshz28jc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"it4.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696418/; classtype:trojan-activity;sid:84559518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696417/; classtype:trojan-activity;sid:84559517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696416)"; flow:established,from_client; content:"GET"; http_method; content:"/q6a13xi27h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f3n7k.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696416/; classtype:trojan-activity;sid:84559516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696415)"; flow:established,from_client; content:"GET"; http_method; content:"/d8.check|3f|t=ox0w43ov"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cmk.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696415/; classtype:trojan-activity;sid:84559515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696414)"; flow:established,from_client; content:"GET"; http_method; content:"/9m32e79zt9.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r6tva.k9-2g8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696414/; classtype:trojan-activity;sid:84559514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696413)"; flow:established,from_client; content:"GET"; http_method; content:"/cyo4e9f5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cmk.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696413/; classtype:trojan-activity;sid:84559513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696412)"; flow:established,from_client; content:"GET"; http_method; content:"/4z.google|3f|t=t1vb0ql0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rea.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696412/; classtype:trojan-activity;sid:84559512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696411/; classtype:trojan-activity;sid:84559511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696410)"; flow:established,from_client; content:"GET"; http_method; content:"/nuei83h8rg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f3n7k.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696410/; classtype:trojan-activity;sid:84559510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.65.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696409/; classtype:trojan-activity;sid:84559509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696408)"; flow:established,from_client; content:"GET"; http_method; content:"/zispb9ibrc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b5y2q.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696408/; classtype:trojan-activity;sid:84559508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696407)"; flow:established,from_client; content:"GET"; http_method; content:"/77t5ssg4tg.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1hb.k9-2g8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696407/; classtype:trojan-activity;sid:84559507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696405)"; flow:established,from_client; content:"GET"; http_method; content:"/8uo.google|3f|t=dgay77jv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2dx.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696405/; classtype:trojan-activity;sid:84559505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696406)"; flow:established,from_client; content:"GET"; http_method; content:"/7rawll8i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2dx.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696406/; classtype:trojan-activity;sid:84559506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.83.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696404/; classtype:trojan-activity;sid:84559504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696403)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ki6doqb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696403/; classtype:trojan-activity;sid:84559503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696402)"; flow:established,from_client; content:"GET"; http_method; content:"/rxanl3nj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"umv.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696402/; classtype:trojan-activity;sid:84559502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696401)"; flow:established,from_client; content:"GET"; http_method; content:"/5whpg99ufe.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1hb.k9-2g8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696401/; classtype:trojan-activity;sid:84559501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696400)"; flow:established,from_client; content:"GET"; http_method; content:"/o0x.google|3f|t=0m2nys12"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"umv.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696400/; classtype:trojan-activity;sid:84559500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696399)"; flow:established,from_client; content:"GET"; http_method; content:"/vas7u9jgk5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b5y2q.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696399/; classtype:trojan-activity;sid:84559499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696397/; classtype:trojan-activity;sid:84559497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.186.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696398/; classtype:trojan-activity;sid:84559498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.186.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696396/; classtype:trojan-activity;sid:84559496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696395)"; flow:established,from_client; content:"GET"; http_method; content:"/sdtsncryje.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z0t8n.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696395/; classtype:trojan-activity;sid:84559495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696394)"; flow:established,from_client; content:"GET"; http_method; content:"/u1.google|3f|t=twbe6vcl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6vy.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696394/; classtype:trojan-activity;sid:84559494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.240.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696393/; classtype:trojan-activity;sid:84559493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.35.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696392/; classtype:trojan-activity;sid:84559492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.217.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696391/; classtype:trojan-activity;sid:84559491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696390)"; flow:established,from_client; content:"GET"; http_method; content:"/tgzrqlonpb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z0t8n.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696390/; classtype:trojan-activity;sid:84559490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696389)"; flow:established,from_client; content:"GET"; http_method; content:"/1lm7t55g2w.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d3zq9.k9-2g8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696389/; classtype:trojan-activity;sid:84559489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696387)"; flow:established,from_client; content:"GET"; http_method; content:"/gzs.check|3f|t=abmezjyl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ti1.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696387/; classtype:trojan-activity;sid:84559487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696388)"; flow:established,from_client; content:"GET"; http_method; content:"/n9sjj70y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ti1.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696388/; classtype:trojan-activity;sid:84559488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696386/; classtype:trojan-activity;sid:84559486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.167.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696385/; classtype:trojan-activity;sid:84559485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696384)"; flow:established,from_client; content:"GET"; http_method; content:"/edfss9rgmx.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y7m2.k9-2g8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696384/; classtype:trojan-activity;sid:84559484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696383)"; flow:established,from_client; content:"GET"; http_method; content:"/iz6zttfs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9xy.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696383/; classtype:trojan-activity;sid:84559483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.40.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696382/; classtype:trojan-activity;sid:84559482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696381)"; flow:established,from_client; content:"GET"; http_method; content:"/ugkvb0a3u3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7l3a.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696381/; classtype:trojan-activity;sid:84559481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696380)"; flow:established,from_client; content:"GET"; http_method; content:"/2o.check|3f|t=z871t52o"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9xy.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696380/; classtype:trojan-activity;sid:84559480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.35.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696379/; classtype:trojan-activity;sid:84559479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.75.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696378/; classtype:trojan-activity;sid:84559478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696377)"; flow:established,from_client; content:"GET"; http_method; content:"/settings"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"settingss.pages.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696377/; classtype:trojan-activity;sid:84559477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.6.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696376/; classtype:trojan-activity;sid:84559476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696375)"; flow:established,from_client; content:"GET"; http_method; content:"/content/plugins/fr3.lim"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelees.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696375/; classtype:trojan-activity;sid:84559475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696374)"; flow:established,from_client; content:"GET"; http_method; content:"/win64/file/update.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"vickitmorrison.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696374/; classtype:trojan-activity;sid:84559474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696373/; classtype:trojan-activity;sid:84559473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.23.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696372/; classtype:trojan-activity;sid:84559472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696371)"; flow:established,from_client; content:"GET"; http_method; content:"/7h5f.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"graffetti.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696371/; classtype:trojan-activity;sid:84559471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696370)"; flow:established,from_client; content:"GET"; http_method; content:"/settings"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"settings-4av.pages.dev"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696370/; classtype:trojan-activity;sid:84559470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.165.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696369/; classtype:trojan-activity;sid:84559469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.17.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696368/; classtype:trojan-activity;sid:84559468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.181.82.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696364/; classtype:trojan-activity;sid:84559464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696365/; classtype:trojan-activity;sid:84559465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.15.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696366/; classtype:trojan-activity;sid:84559466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.40.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696367/; classtype:trojan-activity;sid:84559467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.42.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696362/; classtype:trojan-activity;sid:84559462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696363/; classtype:trojan-activity;sid:84559463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.197.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696361/; classtype:trojan-activity;sid:84559461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696359)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=7wp3twy0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jo.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696359/; classtype:trojan-activity;sid:84559459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696360)"; flow:established,from_client; content:"GET"; http_method; content:"/x6u6vutmj8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x1r9.798u-g.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696360/; classtype:trojan-activity;sid:84559460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.145.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696358/; classtype:trojan-activity;sid:84559458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696357/; classtype:trojan-activity;sid:84559457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696356)"; flow:established,from_client; content:"GET"; http_method; content:"/44hwucf9x2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2p6m.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696356/; classtype:trojan-activity;sid:84559456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696355)"; flow:established,from_client; content:"GET"; http_method; content:"/8b.google|3f|t=zy9cm99g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696355/; classtype:trojan-activity;sid:84559455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696354/; classtype:trojan-activity;sid:84559454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696353/; classtype:trojan-activity;sid:84559453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.89.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696352/; classtype:trojan-activity;sid:84559452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696351/; classtype:trojan-activity;sid:84559451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.83.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696350/; classtype:trojan-activity;sid:84559450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696349)"; flow:established,from_client; content:"GET"; http_method; content:"/q0n2cxflpe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2p6m.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696349/; classtype:trojan-activity;sid:84559449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696348)"; flow:established,from_client; content:"GET"; http_method; content:"/lm5.check|3f|t=i9st8jms"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0y.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696348/; classtype:trojan-activity;sid:84559448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696347)"; flow:established,from_client; content:"GET"; http_method; content:"/v54e3ll9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0y.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696347/; classtype:trojan-activity;sid:84559447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.217.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696345/; classtype:trojan-activity;sid:84559445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696346/; classtype:trojan-activity;sid:84559446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696344/; classtype:trojan-activity;sid:84559444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696342)"; flow:established,from_client; content:"GET"; http_method; content:"/6s.google|3f|t=fntv5m41"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wm.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696342/; classtype:trojan-activity;sid:84559442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696343)"; flow:established,from_client; content:"GET"; http_method; content:"/zl5p20chnf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d8k3a.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696343/; classtype:trojan-activity;sid:84559443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696341/; classtype:trojan-activity;sid:84559441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.104.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696340/; classtype:trojan-activity;sid:84559440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.197.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696339/; classtype:trojan-activity;sid:84559439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696338)"; flow:established,from_client; content:"GET"; http_method; content:"/y2r.google|3f|t=ts3euawj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"9e.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696338/; classtype:trojan-activity;sid:84559438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696337)"; flow:established,from_client; content:"GET"; http_method; content:"/127o40f2w5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d8k3a.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696337/; classtype:trojan-activity;sid:84559437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696336)"; flow:established,from_client; content:"GET"; http_method; content:"/y4nojvwjfo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c8r1n.9-s-7g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696336/; classtype:trojan-activity;sid:84559436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696335)"; flow:established,from_client; content:"GET"; http_method; content:"/b20oc6n8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9e.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696335/; classtype:trojan-activity;sid:84559435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696334)"; flow:established,from_client; content:"GET"; http_method; content:"/uvgstr465n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m4qwe.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696334/; classtype:trojan-activity;sid:84559434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696333)"; flow:established,from_client; content:"GET"; http_method; content:"/rq.check|3f|t=zprflxkd"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"y9.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696333/; classtype:trojan-activity;sid:84559433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696332)"; flow:established,from_client; content:"GET"; http_method; content:"/8ellv3mqzp.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z5tq.9-s-7g.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696332/; classtype:trojan-activity;sid:84559432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696331)"; flow:established,from_client; content:"GET"; http_method; content:"/g5b3ttli"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y9.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696331/; classtype:trojan-activity;sid:84559431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.206.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696330/; classtype:trojan-activity;sid:84559430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.29.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696329/; classtype:trojan-activity;sid:84559429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696328)"; flow:established,from_client; content:"GET"; http_method; content:"/files/503008312/c8c1bbe.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696328/; classtype:trojan-activity;sid:84559428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696326)"; flow:established,from_client; content:"GET"; http_method; content:"/io.google|3f|t=8i5pfipt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7h.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696326/; classtype:trojan-activity;sid:84559426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696327)"; flow:established,from_client; content:"GET"; http_method; content:"/lhsypnkion.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m4qwe.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696327/; classtype:trojan-activity;sid:84559427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.15.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696325/; classtype:trojan-activity;sid:84559425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696323)"; flow:established,from_client; content:"GET"; http_method; content:"/20u.google|3f|t=1kdwkvtw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"74.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696323/; classtype:trojan-activity;sid:84559423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696324)"; flow:established,from_client; content:"GET"; http_method; content:"/39zwodd7p8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g5z9.j0-e-t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696324/; classtype:trojan-activity;sid:84559424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696322/; classtype:trojan-activity;sid:84559422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.176.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696321/; classtype:trojan-activity;sid:84559421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696320)"; flow:established,from_client; content:"GET"; http_method; content:"/905wm80mz3.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x2w7.9-s-7g.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696320/; classtype:trojan-activity;sid:84559420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696319)"; flow:established,from_client; content:"GET"; http_method; content:"/leqjhavd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696319/; classtype:trojan-activity;sid:84559419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.73.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696318/; classtype:trojan-activity;sid:84559418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.205.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696317/; classtype:trojan-activity;sid:84559417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696316)"; flow:established,from_client; content:"GET"; http_method; content:"/1vrw5at6lf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g5z9.j0-e-t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696316/; classtype:trojan-activity;sid:84559416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696315)"; flow:established,from_client; content:"GET"; http_method; content:"/ca2.google|3f|t=xm2rys83"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fp.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696315/; classtype:trojan-activity;sid:84559415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696314/; classtype:trojan-activity;sid:84559414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.158.212.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696313/; classtype:trojan-activity;sid:84559413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696312)"; flow:established,from_client; content:"GET"; http_method; content:"/ixd.check|3f|t=frsmlh0a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"648.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696312/; classtype:trojan-activity;sid:84559412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.211.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696311/; classtype:trojan-activity;sid:84559411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696310)"; flow:established,from_client; content:"GET"; http_method; content:"/aon5cvksxi.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p9akm.9-s-7g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696310/; classtype:trojan-activity;sid:84559410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696309)"; flow:established,from_client; content:"GET"; http_method; content:"/zw76t303"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"648.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696309/; classtype:trojan-activity;sid:84559409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.104.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696308/; classtype:trojan-activity;sid:84559408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.211.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696307/; classtype:trojan-activity;sid:84559407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696306)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/zyx5fqy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696306/; classtype:trojan-activity;sid:84559406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696305)"; flow:established,from_client; content:"GET"; http_method; content:"/ijs.check|3f|t=s5f3h69x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tr8.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696305/; classtype:trojan-activity;sid:84559405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696304)"; flow:established,from_client; content:"GET"; http_method; content:"/76h549i27j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r6t1x.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696304/; classtype:trojan-activity;sid:84559404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696303)"; flow:established,from_client; content:"GET"; http_method; content:"/atd2u6nidk.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3v2.9-s-7g.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696303/; classtype:trojan-activity;sid:84559403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696302)"; flow:established,from_client; content:"GET"; http_method; content:"/svx5hul2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3wa.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696302/; classtype:trojan-activity;sid:84559402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696301)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696301/; classtype:trojan-activity;sid:84559401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696298)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696298/; classtype:trojan-activity;sid:84559398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696299)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696299/; classtype:trojan-activity;sid:84559399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696300)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696300/; classtype:trojan-activity;sid:84559400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696297)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696297/; classtype:trojan-activity;sid:84559397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.16.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696296/; classtype:trojan-activity;sid:84559396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696295)"; flow:established,from_client; content:"GET"; http_method; content:"/939g6przxg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0b7n.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696295/; classtype:trojan-activity;sid:84559395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696294)"; flow:established,from_client; content:"GET"; http_method; content:"/bh.google|3f|t=zsbuvmmy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3wa.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696294/; classtype:trojan-activity;sid:84559394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696293)"; flow:established,from_client; content:"GET"; http_method; content:"/7wpghtm6z4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0b7n.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696293/; classtype:trojan-activity;sid:84559393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696292)"; flow:established,from_client; content:"GET"; http_method; content:"/hgp.check|3f|t=2ynemzci"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5qi.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696292/; classtype:trojan-activity;sid:84559392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696290)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.188.127.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696290/; classtype:trojan-activity;sid:84559390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.157.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696291/; classtype:trojan-activity;sid:84559391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.183.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696289/; classtype:trojan-activity;sid:84559389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.97.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696288/; classtype:trojan-activity;sid:84559388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696286)"; flow:established,from_client; content:"GET"; http_method; content:"/uo.google|3f|t=8svk00z3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7xk.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696286/; classtype:trojan-activity;sid:84559386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696287)"; flow:established,from_client; content:"GET"; http_method; content:"/80ib03zp9l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2m8q.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696287/; classtype:trojan-activity;sid:84559387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696285)"; flow:established,from_client; content:"GET"; http_method; content:"/xucon3ebam.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w3q0.7mdmu7og.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696285/; classtype:trojan-activity;sid:84559385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696284)"; flow:established,from_client; content:"GET"; http_method; content:"/lbtqh02l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7xk.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696284/; classtype:trojan-activity;sid:84559384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.149.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696283/; classtype:trojan-activity;sid:84559383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696282)"; flow:established,from_client; content:"GET"; http_method; content:"/dub0yv1q9w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n7w3a.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696282/; classtype:trojan-activity;sid:84559382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696281)"; flow:established,from_client; content:"GET"; http_method; content:"/dq.google|3f|t=2g9wlg22"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4es.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696281/; classtype:trojan-activity;sid:84559381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696280)"; flow:established,from_client; content:"GET"; http_method; content:"/jj08whvmsu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n7w3a.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696280/; classtype:trojan-activity;sid:84559380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696279)"; flow:established,from_client; content:"GET"; http_method; content:"/xne.google|3f|t=fl3yl8v0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fcq.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696279/; classtype:trojan-activity;sid:84559379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.97.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696278/; classtype:trojan-activity;sid:84559378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.183.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696277/; classtype:trojan-activity;sid:84559377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696276)"; flow:established,from_client; content:"GET"; http_method; content:"/lf04aob4h4.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a9.7mdmu7og.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696276/; classtype:trojan-activity;sid:84559376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696275)"; flow:established,from_client; content:"GET"; http_method; content:"/jek7zpsu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fcq.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696275/; classtype:trojan-activity;sid:84559375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.23.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696274/; classtype:trojan-activity;sid:84559374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.32.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696273/; classtype:trojan-activity;sid:84559373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696272/; classtype:trojan-activity;sid:84559372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696271)"; flow:established,from_client; content:"GET"; http_method; content:"/8e2pruo6m0.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n4.7mdmu7og.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696271/; classtype:trojan-activity;sid:84559371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696270)"; flow:established,from_client; content:"GET"; http_method; content:"/nh4sjfg0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zl.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696270/; classtype:trojan-activity;sid:84559370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.192.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696269/; classtype:trojan-activity;sid:84559369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696268)"; flow:established,from_client; content:"GET"; http_method; content:"/76s.check|3f|t=d1t8yw5p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zl.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696268/; classtype:trojan-activity;sid:84559368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696267)"; flow:established,from_client; content:"GET"; http_method; content:"/xd9toor75a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4r8c.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696267/; classtype:trojan-activity;sid:84559367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696265)"; flow:established,from_client; content:"GET"; http_method; content:"/uj.check|3f|t=g9f5gfna"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ng.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696265/; classtype:trojan-activity;sid:84559365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696266)"; flow:established,from_client; content:"GET"; http_method; content:"/ywjnsk0bvf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4r8c.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696266/; classtype:trojan-activity;sid:84559366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696264)"; flow:established,from_client; content:"GET"; http_method; content:"/oe5ndynsy2.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d5.1-b03-1q.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696264/; classtype:trojan-activity;sid:84559364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696263)"; flow:established,from_client; content:"GET"; http_method; content:"/v5rx1zlj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ng.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696263/; classtype:trojan-activity;sid:84559363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.205.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696262/; classtype:trojan-activity;sid:84559362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.96.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696261/; classtype:trojan-activity;sid:84559361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696260)"; flow:established,from_client; content:"GET"; http_method; content:"/p6cum1y9xk.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y0a3.1-b03-1q.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696260/; classtype:trojan-activity;sid:84559360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696259)"; flow:established,from_client; content:"GET"; http_method; content:"/pjt5x6zk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"or.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696259/; classtype:trojan-activity;sid:84559359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696258)"; flow:established,from_client; content:"GET"; http_method; content:"/gwt.google|3f|t=0jhi379t"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"or.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696258/; classtype:trojan-activity;sid:84559358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696257)"; flow:established,from_client; content:"GET"; http_method; content:"/8rmczxghf5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9z2.t-7-1u.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696257/; classtype:trojan-activity;sid:84559357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.199.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696256/; classtype:trojan-activity;sid:84559356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696255)"; flow:established,from_client; content:"GET"; http_method; content:"/sygodti46v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p5x0d.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696255/; classtype:trojan-activity;sid:84559355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696254)"; flow:established,from_client; content:"GET"; http_method; content:"/5v.google|3f|t=b7v4htp5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gy.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696254/; classtype:trojan-activity;sid:84559354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696253)"; flow:established,from_client; content:"GET"; http_method; content:"/emznxz8ay6.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q7m.1-b03-1q.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696253/; classtype:trojan-activity;sid:84559353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696252)"; flow:established,from_client; content:"GET"; http_method; content:"/cqtqglhi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gy.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696252/; classtype:trojan-activity;sid:84559352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.10.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696251/; classtype:trojan-activity;sid:84559351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.96.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696250/; classtype:trojan-activity;sid:84559350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696248)"; flow:established,from_client; content:"GET"; http_method; content:"/n200xwacsi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a1t7m.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696248/; classtype:trojan-activity;sid:84559348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696249)"; flow:established,from_client; content:"GET"; http_method; content:"/69z.google|3f|t=rqiqp26d"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"21.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696249/; classtype:trojan-activity;sid:84559349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.115.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696247/; classtype:trojan-activity;sid:84559347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696246)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7948739500/5cwjjt0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696246/; classtype:trojan-activity;sid:84559346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696245)"; flow:established,from_client; content:"GET"; http_method; content:"/z4pfesnp5g.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v1.1-b03-1q.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696245/; classtype:trojan-activity;sid:84559345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696244)"; flow:established,from_client; content:"GET"; http_method; content:"/qbuz0i5x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bl.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696244/; classtype:trojan-activity;sid:84559344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696242)"; flow:established,from_client; content:"GET"; http_method; content:"/cu8.check|3f|t=7l18dxs2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bl.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696242/; classtype:trojan-activity;sid:84559342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696243)"; flow:established,from_client; content:"GET"; http_method; content:"/xv4i4ubrzf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h3v9q.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696243/; classtype:trojan-activity;sid:84559343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696241/; classtype:trojan-activity;sid:84559341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.10.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696240/; classtype:trojan-activity;sid:84559340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696239/; classtype:trojan-activity;sid:84559339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696238)"; flow:established,from_client; content:"GET"; http_method; content:"/70xnklused.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a4m2.r0en3ap.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696238/; classtype:trojan-activity;sid:84559338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696237)"; flow:established,from_client; content:"GET"; http_method; content:"/7v2.google|3f|t=sibw4fbu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"1t.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696237/; classtype:trojan-activity;sid:84559337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.199.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696236/; classtype:trojan-activity;sid:84559336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696235)"; flow:established,from_client; content:"GET"; http_method; content:"/p5slb720pe.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r2t3.0-xv-3i5.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696235/; classtype:trojan-activity;sid:84559335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696234)"; flow:established,from_client; content:"GET"; http_method; content:"/ottin15z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1t.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696234/; classtype:trojan-activity;sid:84559334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.115.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696233/; classtype:trojan-activity;sid:84559333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696232)"; flow:established,from_client; content:"GET"; http_method; content:"/lq0xy1g3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qfl.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696232/; classtype:trojan-activity;sid:84559332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696231)"; flow:established,from_client; content:"GET"; http_method; content:"/aqjk9xx3eh.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r2t3.0-xv-3i5.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696231/; classtype:trojan-activity;sid:84559331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696229)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.46.158.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696229/; classtype:trojan-activity;sid:84559329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696230)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.46.158.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696230/; classtype:trojan-activity;sid:84559330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696228)"; flow:established,from_client; content:"GET"; http_method; content:"/plop"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.46.158.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696228/; classtype:trojan-activity;sid:84559328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696227)"; flow:established,from_client; content:"GET"; http_method; content:"/ycd.check|3f|t=jtog2riy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qfl.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696227/; classtype:trojan-activity;sid:84559327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696226/; classtype:trojan-activity;sid:84559326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696225)"; flow:established,from_client; content:"GET"; http_method; content:"/ko17anvr6f.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tt7.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696225/; classtype:trojan-activity;sid:84559325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696224)"; flow:established,from_client; content:"GET"; http_method; content:"/pcw.check|3f|t=iliku3xd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jss.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696224/; classtype:trojan-activity;sid:84559324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696223)"; flow:established,from_client; content:"GET"; http_method; content:"/op1cviqib3.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v5q.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696223/; classtype:trojan-activity;sid:84559323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696222)"; flow:established,from_client; content:"GET"; http_method; content:"/molop"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696222/; classtype:trojan-activity;sid:84559322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.81.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696221/; classtype:trojan-activity;sid:84559321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.248.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696220/; classtype:trojan-activity;sid:84559320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696219)"; flow:established,from_client; content:"GET"; http_method; content:"/4j7sdznbh9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p6.0-xv-3i5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696219/; classtype:trojan-activity;sid:84559319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696218)"; flow:established,from_client; content:"GET"; http_method; content:"/ebu8wlpo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iru.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696218/; classtype:trojan-activity;sid:84559318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696217/; classtype:trojan-activity;sid:84559317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696216)"; flow:established,from_client; content:"GET"; http_method; content:"/ib.check|3f|t=1ow3khqc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"iru.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696216/; classtype:trojan-activity;sid:84559316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696215/; classtype:trojan-activity;sid:84559315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696214)"; flow:established,from_client; content:"GET"; http_method; content:"/aoxcf08j7d.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n0z.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696214/; classtype:trojan-activity;sid:84559314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696213)"; flow:established,from_client; content:"GET"; http_method; content:"/w4.google|3f|t=3hcmlyw2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vyt.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696213/; classtype:trojan-activity;sid:84559313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696212)"; flow:established,from_client; content:"GET"; http_method; content:"/zyfyxsmbxq.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.366a4362.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696212/; classtype:trojan-activity;sid:84559312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696211)"; flow:established,from_client; content:"GET"; http_method; content:"/4lvq9xka"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vyt.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696211/; classtype:trojan-activity;sid:84559311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.225.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696210/; classtype:trojan-activity;sid:84559310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.104.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696209/; classtype:trojan-activity;sid:84559309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.144.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696208/; classtype:trojan-activity;sid:84559308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696206)"; flow:established,from_client; content:"GET"; http_method; content:"/gvheltkk.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.164.53.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696206/; classtype:trojan-activity;sid:84559306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696207)"; flow:established,from_client; content:"GET"; http_method; content:"/mames33.wav"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.126.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696207/; classtype:trojan-activity;sid:84559307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696205)"; flow:established,from_client; content:"GET"; http_method; content:"/rs.vbs"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.164.53.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696205/; classtype:trojan-activity;sid:84559305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696204)"; flow:established,from_client; content:"GET"; http_method; content:"/content/plugins/verification/cloudflare_challenge/not_a_robot/id6362572"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"summerandsilver.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696204/; classtype:trojan-activity;sid:84559304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.37.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696200/; classtype:trojan-activity;sid:84559300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.132.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696201/; classtype:trojan-activity;sid:84559301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.112.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696202/; classtype:trojan-activity;sid:84559302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696203/; classtype:trojan-activity;sid:84559303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.128.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696198/; classtype:trojan-activity;sid:84559298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.37.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696199/; classtype:trojan-activity;sid:84559299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696197)"; flow:established,from_client; content:"GET"; http_method; content:"/0/items/nisibmrl-3997/toumaf.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"dn710107.ca.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696197/; classtype:trojan-activity;sid:84559297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696196/; classtype:trojan-activity;sid:84559296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696195)"; flow:established,from_client; content:"GET"; http_method; content:"/27/items/toumaf/toumaf.html"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ia601301.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696195/; classtype:trojan-activity;sid:84559295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696194)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/fgptmxd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696194/; classtype:trojan-activity;sid:84559294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696193)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/aqpijp4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696193/; classtype:trojan-activity;sid:84559293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.32.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696192/; classtype:trojan-activity;sid:84559292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696191)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8k54ecwr.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zq8.366a4362.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696191/; classtype:trojan-activity;sid:84559291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696190)"; flow:established,from_client; content:"GET"; http_method; content:"/qb23cchl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gsj.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696190/; classtype:trojan-activity;sid:84559290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696189)"; flow:established,from_client; content:"GET"; http_method; content:"/wb6.google|3f|t=5hm1yo49"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gsj.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696189/; classtype:trojan-activity;sid:84559289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696188)"; flow:established,from_client; content:"GET"; http_method; content:"/9zgvs5s8xx.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3rj.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696188/; classtype:trojan-activity;sid:84559288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.192.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696187/; classtype:trojan-activity;sid:84559287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696186)"; flow:established,from_client; content:"GET"; http_method; content:"/42jdhc7xja.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3rj.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696186/; classtype:trojan-activity;sid:84559286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696185)"; flow:established,from_client; content:"GET"; http_method; content:"/mib7q1i20n.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k3.366a4362.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696185/; classtype:trojan-activity;sid:84559285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696184)"; flow:established,from_client; content:"GET"; http_method; content:"/x85d34hs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ojt.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696184/; classtype:trojan-activity;sid:84559284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696183)"; flow:established,from_client; content:"GET"; http_method; content:"/v5.google|3f|t=i9k06qux"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ojt.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696183/; classtype:trojan-activity;sid:84559283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696182)"; flow:established,from_client; content:"GET"; http_method; content:"/9g6cp69w15.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j1c5p.7d0re6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696182/; classtype:trojan-activity;sid:84559282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696181)"; flow:established,from_client; content:"GET"; http_method; content:"/24ldlyeo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h3u.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696181/; classtype:trojan-activity;sid:84559281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696180)"; flow:established,from_client; content:"GET"; http_method; content:"/mj.google|3f|t=bgh42qkx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3u.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696180/; classtype:trojan-activity;sid:84559280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696179)"; flow:established,from_client; content:"GET"; http_method; content:"/ec812jva47.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3rj.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696179/; classtype:trojan-activity;sid:84559279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.86.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696178/; classtype:trojan-activity;sid:84559278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696177/; classtype:trojan-activity;sid:84559277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696176)"; flow:established,from_client; content:"GET"; http_method; content:"/r7eekhtb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m3p.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696176/; classtype:trojan-activity;sid:84559276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696175)"; flow:established,from_client; content:"GET"; http_method; content:"/rh06m6yspu.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t4x1.7d0re6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696175/; classtype:trojan-activity;sid:84559275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696174/; classtype:trojan-activity;sid:84559274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.89.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696173/; classtype:trojan-activity;sid:84559273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.255.177.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696172/; classtype:trojan-activity;sid:84559272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.81.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696171/; classtype:trojan-activity;sid:84559271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696170)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/1yb0enm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696170/; classtype:trojan-activity;sid:84559270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696169/; classtype:trojan-activity;sid:84559269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696168/; classtype:trojan-activity;sid:84559268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.255.177.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696167/; classtype:trojan-activity;sid:84559267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.89.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696166/; classtype:trojan-activity;sid:84559266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.81.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696165/; classtype:trojan-activity;sid:84559265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696164)"; flow:established,from_client; content:"GET"; http_method; content:"/t9faakb64w.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k8.r0en3ap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696164/; classtype:trojan-activity;sid:84559264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696163)"; flow:established,from_client; content:"GET"; http_method; content:"/8a.check|3f|t=n61d6qr6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m3p.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696163/; classtype:trojan-activity;sid:84559263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696162/; classtype:trojan-activity;sid:84559262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.23.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696161/; classtype:trojan-activity;sid:84559261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.19.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696160/; classtype:trojan-activity;sid:84559260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696159)"; flow:established,from_client; content:"GET"; http_method; content:"/d4nzk6heer.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k8.r0en3ap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696159/; classtype:trojan-activity;sid:84559259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696158)"; flow:established,from_client; content:"GET"; http_method; content:"/ou5.check|3f|t=ke1298is"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cy6.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696158/; classtype:trojan-activity;sid:84559258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696157)"; flow:established,from_client; content:"GET"; http_method; content:"/3bgn25go"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cy6.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696157/; classtype:trojan-activity;sid:84559257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696147)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696147/; classtype:trojan-activity;sid:84559247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696148)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696148/; classtype:trojan-activity;sid:84559248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696149)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696149/; classtype:trojan-activity;sid:84559249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696150)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696150/; classtype:trojan-activity;sid:84559250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696151)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696151/; classtype:trojan-activity;sid:84559251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696152)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696152/; classtype:trojan-activity;sid:84559252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696153)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696153/; classtype:trojan-activity;sid:84559253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696154/; classtype:trojan-activity;sid:84559254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696155)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696155/; classtype:trojan-activity;sid:84559255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696156/; classtype:trojan-activity;sid:84559256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.46.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696146/; classtype:trojan-activity;sid:84559246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.254.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696143/; classtype:trojan-activity;sid:84559243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.218.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696144/; classtype:trojan-activity;sid:84559244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.46.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696145/; classtype:trojan-activity;sid:84559245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696141)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696141/; classtype:trojan-activity;sid:84559241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696142)"; flow:established,from_client; content:"GET"; http_method; content:"/nze3svz0zz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a7k.7d0re6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696142/; classtype:trojan-activity;sid:84559242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696137)"; flow:established,from_client; content:"GET"; http_method; content:"/fa.google|3f|t=avu9pm3g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0v.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696137/; classtype:trojan-activity;sid:84559237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696138)"; flow:established,from_client; content:"GET"; http_method; content:"/wnpm2xol"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0v.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696138/; classtype:trojan-activity;sid:84559238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696139)"; flow:established,from_client; content:"GET"; http_method; content:"/3v5gxa2pez.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3w4.1051lt6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696139/; classtype:trojan-activity;sid:84559239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696140)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696140/; classtype:trojan-activity;sid:84559240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696136)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.103.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696136/; classtype:trojan-activity;sid:84559236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696135)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.110.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696135/; classtype:trojan-activity;sid:84559235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696134)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.184.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696134/; classtype:trojan-activity;sid:84559234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696132)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696132/; classtype:trojan-activity;sid:84559232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696133)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696133/; classtype:trojan-activity;sid:84559233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696131)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.254.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696131/; classtype:trojan-activity;sid:84559231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696130)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.254.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696130/; classtype:trojan-activity;sid:84559230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696129/; classtype:trojan-activity;sid:84559229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696128)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696128/; classtype:trojan-activity;sid:84559228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696127)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696127/; classtype:trojan-activity;sid:84559227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696126/; classtype:trojan-activity;sid:84559226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696125)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696125/; classtype:trojan-activity;sid:84559225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696124)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696124/; classtype:trojan-activity;sid:84559224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696123/; classtype:trojan-activity;sid:84559223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696122)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696122/; classtype:trojan-activity;sid:84559222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696118)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696118/; classtype:trojan-activity;sid:84559218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.184.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696119/; classtype:trojan-activity;sid:84559219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696120)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696120/; classtype:trojan-activity;sid:84559220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696121)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696121/; classtype:trojan-activity;sid:84559221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696117)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696117/; classtype:trojan-activity;sid:84559217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696115/; classtype:trojan-activity;sid:84559215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696116)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696116/; classtype:trojan-activity;sid:84559216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696114)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696114/; classtype:trojan-activity;sid:84559214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696113)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.33.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696113/; classtype:trojan-activity;sid:84559213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696112)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696112/; classtype:trojan-activity;sid:84559212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696108/; classtype:trojan-activity;sid:84559208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696109)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696109/; classtype:trojan-activity;sid:84559209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696110)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696110/; classtype:trojan-activity;sid:84559210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696111)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696111/; classtype:trojan-activity;sid:84559211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696106)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696106/; classtype:trojan-activity;sid:84559206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696107)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696107/; classtype:trojan-activity;sid:84559207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696100)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696100/; classtype:trojan-activity;sid:84559200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696101)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696101/; classtype:trojan-activity;sid:84559201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696102)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696102/; classtype:trojan-activity;sid:84559202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696103)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696103/; classtype:trojan-activity;sid:84559203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696104)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696104/; classtype:trojan-activity;sid:84559204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696105)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696105/; classtype:trojan-activity;sid:84559205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696095)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696095/; classtype:trojan-activity;sid:84559195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696096)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696096/; classtype:trojan-activity;sid:84559196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696097)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696097/; classtype:trojan-activity;sid:84559197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696098)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696098/; classtype:trojan-activity;sid:84559198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696099)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696099/; classtype:trojan-activity;sid:84559199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696094)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.110.187.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696094/; classtype:trojan-activity;sid:84559194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696093)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696093/; classtype:trojan-activity;sid:84559193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696092)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.7.236.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696092/; classtype:trojan-activity;sid:84559192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696090)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696090/; classtype:trojan-activity;sid:84559190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696091)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696091/; classtype:trojan-activity;sid:84559191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696089)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696089/; classtype:trojan-activity;sid:84559189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696087)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.103.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696087/; classtype:trojan-activity;sid:84559187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696088)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696088/; classtype:trojan-activity;sid:84559188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696086/; classtype:trojan-activity;sid:84559186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696082)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696082/; classtype:trojan-activity;sid:84559182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696083)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696083/; classtype:trojan-activity;sid:84559183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696084)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696084/; classtype:trojan-activity;sid:84559184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696085)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696085/; classtype:trojan-activity;sid:84559185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696081)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696081/; classtype:trojan-activity;sid:84559181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696076/; classtype:trojan-activity;sid:84559176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696077)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696077/; classtype:trojan-activity;sid:84559177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696078)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696078/; classtype:trojan-activity;sid:84559178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696079)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696079/; classtype:trojan-activity;sid:84559179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696080)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696080/; classtype:trojan-activity;sid:84559180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696073)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696073/; classtype:trojan-activity;sid:84559173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696074)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696074/; classtype:trojan-activity;sid:84559174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696075)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696075/; classtype:trojan-activity;sid:84559175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696068)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696068/; classtype:trojan-activity;sid:84559168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696069)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696069/; classtype:trojan-activity;sid:84559169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696070/; classtype:trojan-activity;sid:84559170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696071)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696071/; classtype:trojan-activity;sid:84559171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696072)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696072/; classtype:trojan-activity;sid:84559172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696063)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696063/; classtype:trojan-activity;sid:84559163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696064)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696064/; classtype:trojan-activity;sid:84559164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696065)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696065/; classtype:trojan-activity;sid:84559165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696066)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696066/; classtype:trojan-activity;sid:84559166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696067)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696067/; classtype:trojan-activity;sid:84559167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696060)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696060/; classtype:trojan-activity;sid:84559160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696061)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696061/; classtype:trojan-activity;sid:84559161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696062)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696062/; classtype:trojan-activity;sid:84559162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696059)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696059/; classtype:trojan-activity;sid:84559159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696058)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696058/; classtype:trojan-activity;sid:84559158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696055)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696055/; classtype:trojan-activity;sid:84559155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696056)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696056/; classtype:trojan-activity;sid:84559156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696057)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696057/; classtype:trojan-activity;sid:84559157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696049)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696049/; classtype:trojan-activity;sid:84559149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696050)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696050/; classtype:trojan-activity;sid:84559150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696051)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696051/; classtype:trojan-activity;sid:84559151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696052)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696052/; classtype:trojan-activity;sid:84559152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696053)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696053/; classtype:trojan-activity;sid:84559153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696054/; classtype:trojan-activity;sid:84559154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696046)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.33.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696046/; classtype:trojan-activity;sid:84559146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696047)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696047/; classtype:trojan-activity;sid:84559147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696048)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696048/; classtype:trojan-activity;sid:84559148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696044)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.57.183.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696044/; classtype:trojan-activity;sid:84559144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696045)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696045/; classtype:trojan-activity;sid:84559145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696039)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696039/; classtype:trojan-activity;sid:84559139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696040)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696040/; classtype:trojan-activity;sid:84559140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696041)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696041/; classtype:trojan-activity;sid:84559141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696042)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696042/; classtype:trojan-activity;sid:84559142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696043)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696043/; classtype:trojan-activity;sid:84559143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696038)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696038/; classtype:trojan-activity;sid:84559138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696037)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.196.57.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696037/; classtype:trojan-activity;sid:84559137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696035)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696035/; classtype:trojan-activity;sid:84559135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696036)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696036/; classtype:trojan-activity;sid:84559136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696033)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696033/; classtype:trojan-activity;sid:84559133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696034)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696034/; classtype:trojan-activity;sid:84559134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696031)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696031/; classtype:trojan-activity;sid:84559131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696032)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696032/; classtype:trojan-activity;sid:84559132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696026)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696026/; classtype:trojan-activity;sid:84559126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696027)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696027/; classtype:trojan-activity;sid:84559127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696028)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696028/; classtype:trojan-activity;sid:84559128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696029)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696029/; classtype:trojan-activity;sid:84559129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696030)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696030/; classtype:trojan-activity;sid:84559130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696024/; classtype:trojan-activity;sid:84559124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696025)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696025/; classtype:trojan-activity;sid:84559125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696020)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696020/; classtype:trojan-activity;sid:84559120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696021/; classtype:trojan-activity;sid:84559121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696022)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696022/; classtype:trojan-activity;sid:84559122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696023)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696023/; classtype:trojan-activity;sid:84559123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696018)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696018/; classtype:trojan-activity;sid:84559118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696019)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696019/; classtype:trojan-activity;sid:84559119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696011)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696011/; classtype:trojan-activity;sid:84559111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696012)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696012/; classtype:trojan-activity;sid:84559112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696013)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696013/; classtype:trojan-activity;sid:84559113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696014)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696014/; classtype:trojan-activity;sid:84559114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696015)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696015/; classtype:trojan-activity;sid:84559115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696016)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696016/; classtype:trojan-activity;sid:84559116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696017)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696017/; classtype:trojan-activity;sid:84559117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696010)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696010/; classtype:trojan-activity;sid:84559110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696008)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696008/; classtype:trojan-activity;sid:84559108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696009)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696009/; classtype:trojan-activity;sid:84559109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696003)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696003/; classtype:trojan-activity;sid:84559103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696004/; classtype:trojan-activity;sid:84559104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696005/; classtype:trojan-activity;sid:84559105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696006)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696006/; classtype:trojan-activity;sid:84559106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696007/; classtype:trojan-activity;sid:84559107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695999)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695999/; classtype:trojan-activity;sid:84559099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696000)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696000/; classtype:trojan-activity;sid:84559100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696001)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696001/; classtype:trojan-activity;sid:84559101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696002)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696002/; classtype:trojan-activity;sid:84559102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695998)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695998/; classtype:trojan-activity;sid:84559098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695997/; classtype:trojan-activity;sid:84559097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695995)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695995/; classtype:trojan-activity;sid:84559095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695996)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695996/; classtype:trojan-activity;sid:84559096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695994)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695994/; classtype:trojan-activity;sid:84559094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695993)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695993/; classtype:trojan-activity;sid:84559093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695990)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695990/; classtype:trojan-activity;sid:84559090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695991/; classtype:trojan-activity;sid:84559091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695992)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695992/; classtype:trojan-activity;sid:84559092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695988)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695988/; classtype:trojan-activity;sid:84559088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695989)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695989/; classtype:trojan-activity;sid:84559089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695983)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695983/; classtype:trojan-activity;sid:84559083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695984)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695984/; classtype:trojan-activity;sid:84559084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695985/; classtype:trojan-activity;sid:84559085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695986)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695986/; classtype:trojan-activity;sid:84559086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695987)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695987/; classtype:trojan-activity;sid:84559087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695980)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695980/; classtype:trojan-activity;sid:84559080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695981)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695981/; classtype:trojan-activity;sid:84559081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695982)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695982/; classtype:trojan-activity;sid:84559082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695977/; classtype:trojan-activity;sid:84559077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695978)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695978/; classtype:trojan-activity;sid:84559078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695979)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695979/; classtype:trojan-activity;sid:84559079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695975/; classtype:trojan-activity;sid:84559075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695976/; classtype:trojan-activity;sid:84559076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695970)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695970/; classtype:trojan-activity;sid:84559070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695971)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695971/; classtype:trojan-activity;sid:84559071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695972)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695972/; classtype:trojan-activity;sid:84559072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695973)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695973/; classtype:trojan-activity;sid:84559073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695974)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.116.145.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695974/; classtype:trojan-activity;sid:84559074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695966)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695966/; classtype:trojan-activity;sid:84559066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695967/; classtype:trojan-activity;sid:84559067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695968)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695968/; classtype:trojan-activity;sid:84559068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695969)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695969/; classtype:trojan-activity;sid:84559069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695961)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695961/; classtype:trojan-activity;sid:84559061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695962)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695962/; classtype:trojan-activity;sid:84559062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695963)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695963/; classtype:trojan-activity;sid:84559063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695964)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695964/; classtype:trojan-activity;sid:84559064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695965/; classtype:trojan-activity;sid:84559065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695958)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695958/; classtype:trojan-activity;sid:84559058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695959)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695959/; classtype:trojan-activity;sid:84559059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695960)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695960/; classtype:trojan-activity;sid:84559060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695954)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695954/; classtype:trojan-activity;sid:84559054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695955)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695955/; classtype:trojan-activity;sid:84559055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695956)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695956/; classtype:trojan-activity;sid:84559056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695957)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695957/; classtype:trojan-activity;sid:84559057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695952)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695952/; classtype:trojan-activity;sid:84559052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695953)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695953/; classtype:trojan-activity;sid:84559053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695949)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695949/; classtype:trojan-activity;sid:84559049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695950)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695950/; classtype:trojan-activity;sid:84559050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695951)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695951/; classtype:trojan-activity;sid:84559051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695945)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695945/; classtype:trojan-activity;sid:84559045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695946)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695946/; classtype:trojan-activity;sid:84559046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695947)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695947/; classtype:trojan-activity;sid:84559047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695948/; classtype:trojan-activity;sid:84559048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695940)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.100.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695940/; classtype:trojan-activity;sid:84559040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695941)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695941/; classtype:trojan-activity;sid:84559041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695942)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695942/; classtype:trojan-activity;sid:84559042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695943)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695943/; classtype:trojan-activity;sid:84559043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695944)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695944/; classtype:trojan-activity;sid:84559044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695938)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695938/; classtype:trojan-activity;sid:84559038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695939)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695939/; classtype:trojan-activity;sid:84559039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695937/; classtype:trojan-activity;sid:84559037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695934)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695934/; classtype:trojan-activity;sid:84559034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695935)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.100.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695935/; classtype:trojan-activity;sid:84559035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695936)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695936/; classtype:trojan-activity;sid:84559036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695926)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.206.229.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695926/; classtype:trojan-activity;sid:84559026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695927)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695927/; classtype:trojan-activity;sid:84559027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695928)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695928/; classtype:trojan-activity;sid:84559028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695929)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695929/; classtype:trojan-activity;sid:84559029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695930)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695930/; classtype:trojan-activity;sid:84559030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695931)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695931/; classtype:trojan-activity;sid:84559031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695932)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695932/; classtype:trojan-activity;sid:84559032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695933)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695933/; classtype:trojan-activity;sid:84559033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695923/; classtype:trojan-activity;sid:84559023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695924)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695924/; classtype:trojan-activity;sid:84559024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695925)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695925/; classtype:trojan-activity;sid:84559025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695916)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695916/; classtype:trojan-activity;sid:84559016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695917)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695917/; classtype:trojan-activity;sid:84559017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695918)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695918/; classtype:trojan-activity;sid:84559018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695919)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695919/; classtype:trojan-activity;sid:84559019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695920/; classtype:trojan-activity;sid:84559020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695921)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695921/; classtype:trojan-activity;sid:84559021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695922)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695922/; classtype:trojan-activity;sid:84559022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695913)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695913/; classtype:trojan-activity;sid:84559013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695914)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695914/; classtype:trojan-activity;sid:84559014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695915)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695915/; classtype:trojan-activity;sid:84559015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695911)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695911/; classtype:trojan-activity;sid:84559011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695912)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695912/; classtype:trojan-activity;sid:84559012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695908)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695908/; classtype:trojan-activity;sid:84559008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695909)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695909/; classtype:trojan-activity;sid:84559009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695910)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695910/; classtype:trojan-activity;sid:84559010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695907)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695907/; classtype:trojan-activity;sid:84559007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695906)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695906/; classtype:trojan-activity;sid:84559006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695905)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695905/; classtype:trojan-activity;sid:84559005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695903)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695903/; classtype:trojan-activity;sid:84559003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695904)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695904/; classtype:trojan-activity;sid:84559004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695902)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695902/; classtype:trojan-activity;sid:84559002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695898/; classtype:trojan-activity;sid:84558998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695899)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695899/; classtype:trojan-activity;sid:84558999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695900/; classtype:trojan-activity;sid:84559000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695901)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695901/; classtype:trojan-activity;sid:84559001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695894)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695894/; classtype:trojan-activity;sid:84558994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695895)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695895/; classtype:trojan-activity;sid:84558995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695896/; classtype:trojan-activity;sid:84558996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695897)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.188.34.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695897/; classtype:trojan-activity;sid:84558997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695889)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695889/; classtype:trojan-activity;sid:84558989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695890)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695890/; classtype:trojan-activity;sid:84558990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695891)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695891/; classtype:trojan-activity;sid:84558991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695892)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695892/; classtype:trojan-activity;sid:84558992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695893)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695893/; classtype:trojan-activity;sid:84558993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695886)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695886/; classtype:trojan-activity;sid:84558986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695887)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695887/; classtype:trojan-activity;sid:84558987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695888)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695888/; classtype:trojan-activity;sid:84558988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695882)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695882/; classtype:trojan-activity;sid:84558982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695883)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695883/; classtype:trojan-activity;sid:84558983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695884)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695884/; classtype:trojan-activity;sid:84558984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695885)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.44.41.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695885/; classtype:trojan-activity;sid:84558985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695880)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695880/; classtype:trojan-activity;sid:84558980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695881)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695881/; classtype:trojan-activity;sid:84558981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695879)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695879/; classtype:trojan-activity;sid:84558979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695878)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695878/; classtype:trojan-activity;sid:84558978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695876)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695876/; classtype:trojan-activity;sid:84558976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695877)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695877/; classtype:trojan-activity;sid:84558977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695869/; classtype:trojan-activity;sid:84558969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695870)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695870/; classtype:trojan-activity;sid:84558970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695871)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695871/; classtype:trojan-activity;sid:84558971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695872)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695872/; classtype:trojan-activity;sid:84558972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695873)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695873/; classtype:trojan-activity;sid:84558973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695874)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695874/; classtype:trojan-activity;sid:84558974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695875/; classtype:trojan-activity;sid:84558975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695868)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695868/; classtype:trojan-activity;sid:84558968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695867)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695867/; classtype:trojan-activity;sid:84558967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695862)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695862/; classtype:trojan-activity;sid:84558962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695863)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695863/; classtype:trojan-activity;sid:84558963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695864)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695864/; classtype:trojan-activity;sid:84558964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695865)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695865/; classtype:trojan-activity;sid:84558965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695866)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.133.187.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695866/; classtype:trojan-activity;sid:84558966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695861)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695861/; classtype:trojan-activity;sid:84558961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695859)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695859/; classtype:trojan-activity;sid:84558959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695860)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695860/; classtype:trojan-activity;sid:84558960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695858/; classtype:trojan-activity;sid:84558958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695855)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695855/; classtype:trojan-activity;sid:84558955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695856)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695856/; classtype:trojan-activity;sid:84558956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695857)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"210.104.172.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695857/; classtype:trojan-activity;sid:84558957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695854/; classtype:trojan-activity;sid:84558954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695852)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695852/; classtype:trojan-activity;sid:84558952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695853)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.116.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695853/; classtype:trojan-activity;sid:84558953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695847)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695847/; classtype:trojan-activity;sid:84558947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695848)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695848/; classtype:trojan-activity;sid:84558948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695849)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695849/; classtype:trojan-activity;sid:84558949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695850)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695850/; classtype:trojan-activity;sid:84558950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695851)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695851/; classtype:trojan-activity;sid:84558951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695845)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695845/; classtype:trojan-activity;sid:84558945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695846)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695846/; classtype:trojan-activity;sid:84558946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695843)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695843/; classtype:trojan-activity;sid:84558943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695844)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695844/; classtype:trojan-activity;sid:84558944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695839)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695839/; classtype:trojan-activity;sid:84558939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695840)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.96.33.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695840/; classtype:trojan-activity;sid:84558940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695841)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.48.188.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695841/; classtype:trojan-activity;sid:84558941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695842/; classtype:trojan-activity;sid:84558942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695836)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695836/; classtype:trojan-activity;sid:84558936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695837)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695837/; classtype:trojan-activity;sid:84558937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695838)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695838/; classtype:trojan-activity;sid:84558938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695832)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695832/; classtype:trojan-activity;sid:84558932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695833/; classtype:trojan-activity;sid:84558933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695834)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695834/; classtype:trojan-activity;sid:84558934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695835)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695835/; classtype:trojan-activity;sid:84558935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695825)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695825/; classtype:trojan-activity;sid:84558925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695826/; classtype:trojan-activity;sid:84558926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695827/; classtype:trojan-activity;sid:84558927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695828)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695828/; classtype:trojan-activity;sid:84558928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695829)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695829/; classtype:trojan-activity;sid:84558929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695830)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695830/; classtype:trojan-activity;sid:84558930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695831)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695831/; classtype:trojan-activity;sid:84558931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695824)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.137.108.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695824/; classtype:trojan-activity;sid:84558924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695823)"; flow:established,from_client; content:"GET"; http_method; content:"/k5iw8j11zu.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g6.85cu3895.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695823/; classtype:trojan-activity;sid:84558923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695822)"; flow:established,from_client; content:"GET"; http_method; content:"/1gj0jj8c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1c.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695822/; classtype:trojan-activity;sid:84558922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695821)"; flow:established,from_client; content:"GET"; http_method; content:"/p0.google|3f|t=wixdwvj9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1c.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695821/; classtype:trojan-activity;sid:84558921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695820)"; flow:established,from_client; content:"GET"; http_method; content:"/0nba72ikf7.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3w4.1051lt6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695820/; classtype:trojan-activity;sid:84558920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695819)"; flow:established,from_client; content:"GET"; http_method; content:"/nbykhc42b1.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3w4.1051lt6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695819/; classtype:trojan-activity;sid:84558919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695818)"; flow:established,from_client; content:"GET"; http_method; content:"/jh.check|3f|t=7q9l7l5u"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"aw.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695818/; classtype:trojan-activity;sid:84558918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695816)"; flow:established,from_client; content:"GET"; http_method; content:"/st.google|3f|t=u2kza7zq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6g.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695816/; classtype:trojan-activity;sid:84558916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695817)"; flow:established,from_client; content:"GET"; http_method; content:"/cm0euyb4yz.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7bn.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695817/; classtype:trojan-activity;sid:84558917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695815/; classtype:trojan-activity;sid:84558915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.254.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695814/; classtype:trojan-activity;sid:84558914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695813)"; flow:established,from_client; content:"GET"; http_method; content:"/b4y86n2h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6g.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695813/; classtype:trojan-activity;sid:84558913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695812)"; flow:established,from_client; content:"GET"; http_method; content:"/hy5dt03lkq.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t.ba2q7q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695812/; classtype:trojan-activity;sid:84558912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695811)"; flow:established,from_client; content:"GET"; http_method; content:"/i5l.check|3f|t=r1l8egt7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yb.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695811/; classtype:trojan-activity;sid:84558911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695810)"; flow:established,from_client; content:"GET"; http_method; content:"/gzhxqjy6am.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7bn.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695810/; classtype:trojan-activity;sid:84558910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.174.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695809/; classtype:trojan-activity;sid:84558909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695808/; classtype:trojan-activity;sid:84558908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695807)"; flow:established,from_client; content:"GET"; http_method; content:"/4yk9l617v4.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7bn.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695807/; classtype:trojan-activity;sid:84558907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695806)"; flow:established,from_client; content:"GET"; http_method; content:"/e2j.google|3f|t=mvwsk8he"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ch.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695806/; classtype:trojan-activity;sid:84558906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695805/; classtype:trojan-activity;sid:84558905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695804/; classtype:trojan-activity;sid:84558904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695803)"; flow:established,from_client; content:"GET"; http_method; content:"/hwxgn41ld1.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m0t.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695803/; classtype:trojan-activity;sid:84558903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695802)"; flow:established,from_client; content:"GET"; http_method; content:"/xw.google|3f|t=9whyumy1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gw.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695802/; classtype:trojan-activity;sid:84558902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.32.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695801/; classtype:trojan-activity;sid:84558901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695800/; classtype:trojan-activity;sid:84558900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695799)"; flow:established,from_client; content:"GET"; http_method; content:"/ikb8dc55"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gw.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695799/; classtype:trojan-activity;sid:84558899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.128.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695798/; classtype:trojan-activity;sid:84558898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695797)"; flow:established,from_client; content:"GET"; http_method; content:"/z9w6qf7bve.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z9m2.ba2q7q.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695797/; classtype:trojan-activity;sid:84558897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.203.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695796/; classtype:trojan-activity;sid:84558896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695795)"; flow:established,from_client; content:"GET"; http_method; content:"/gutiknyka1.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v91.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695795/; classtype:trojan-activity;sid:84558895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695794)"; flow:established,from_client; content:"GET"; http_method; content:"/fjg.google|3f|t=sgj5oo9x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5d.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695794/; classtype:trojan-activity;sid:84558894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.72.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695793/; classtype:trojan-activity;sid:84558893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695791)"; flow:established,from_client; content:"GET"; http_method; content:"/n2mwjhrf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5d.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695791/; classtype:trojan-activity;sid:84558891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695792)"; flow:established,from_client; content:"GET"; http_method; content:"/mbqlsa3myz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z9m2.ba2q7q.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695792/; classtype:trojan-activity;sid:84558892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.137.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695789/; classtype:trojan-activity;sid:84558889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.185.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695790/; classtype:trojan-activity;sid:84558890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695788/; classtype:trojan-activity;sid:84558888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695787)"; flow:established,from_client; content:"GET"; http_method; content:"/nf8i0tkya9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1.ba2q7q.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695787/; classtype:trojan-activity;sid:84558887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695786)"; flow:established,from_client; content:"GET"; http_method; content:"/exk4b9kj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"j0.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695786/; classtype:trojan-activity;sid:84558886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695784)"; flow:established,from_client; content:"GET"; http_method; content:"/zi.check|3f|t=3uerqqyn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"j0.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695784/; classtype:trojan-activity;sid:84558884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695785)"; flow:established,from_client; content:"GET"; http_method; content:"/t625vgszcb.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2x.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695785/; classtype:trojan-activity;sid:84558885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695783)"; flow:established,from_client; content:"GET"; http_method; content:"/krnyzd7oto.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1.ba2q7q.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695783/; classtype:trojan-activity;sid:84558883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695782)"; flow:established,from_client; content:"GET"; http_method; content:"/1wb90e3g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2d.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695782/; classtype:trojan-activity;sid:84558882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695781/; classtype:trojan-activity;sid:84558881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.185.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695780/; classtype:trojan-activity;sid:84558880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695778)"; flow:established,from_client; content:"GET"; http_method; content:"/wk1.check|3f|t=p4lltq8w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2d.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695778/; classtype:trojan-activity;sid:84558878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695779)"; flow:established,from_client; content:"GET"; http_method; content:"/ykihrj3tzb.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2x.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695779/; classtype:trojan-activity;sid:84558879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695777)"; flow:established,from_client; content:"GET"; http_method; content:"/166/sfdkjs0d9cv00s9f900f920f30sd090bcv09dg90s90g0dfg09g0d0g90dg9g8dg09g0d.txt"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"23.95.243.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695777/; classtype:trojan-activity;sid:84558877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695776)"; flow:established,from_client; content:"GET"; http_method; content:"/98/9hg990ghhgh998hhgb76bc45dfdhfgfhghh09jghhg990900hhghh889ghgh99989.txt"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695776/; classtype:trojan-activity;sid:84558876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.34.215.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695775/; classtype:trojan-activity;sid:84558875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.127.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695774/; classtype:trojan-activity;sid:84558874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695773)"; flow:established,from_client; content:"GET"; http_method; content:"/qpy4ej4kpzpypyf.com"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695773/; classtype:trojan-activity;sid:84558873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695772)"; flow:established,from_client; content:"GET"; http_method; content:"/hdrmu2ezke.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q5.1051lt6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695772/; classtype:trojan-activity;sid:84558872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695771/; classtype:trojan-activity;sid:84558871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695770)"; flow:established,from_client; content:"GET"; http_method; content:"/stc.google|3f|t=93f8qj3j"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hw.3u-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695770/; classtype:trojan-activity;sid:84558870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.188.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695769/; classtype:trojan-activity;sid:84558869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.8.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695768/; classtype:trojan-activity;sid:84558868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.34.215.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695767/; classtype:trojan-activity;sid:84558867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695766)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/housewkk/clientvonnupload.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"vqfdkhdzsgauegpvqiem.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695766/; classtype:trojan-activity;sid:84558866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695765)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1elk1ala9fwycen1cvci2w9m_psm-czha"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695765/; classtype:trojan-activity;sid:84558865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695763)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17iw7qlvdem64gjkqsma2zaahzpq_o4zv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695763/; classtype:trojan-activity;sid:84558863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695764)"; flow:established,from_client; content:"GET"; http_method; content:"/f/gsqx9mrc64qodzwb25nqbxkeg2aaywu07ctpzdv5sodn8rij|3f|12711343|3f|12711343"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"3zd6k5n6q3.ufs.sh"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695764/; classtype:trojan-activity;sid:84558864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695762)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"go19.tarotbag.digital"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695762/; classtype:trojan-activity;sid:84558862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695761)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695761/; classtype:trojan-activity;sid:84558861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695760)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695760/; classtype:trojan-activity;sid:84558860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695759)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695759/; classtype:trojan-activity;sid:84558859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695758)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695758/; classtype:trojan-activity;sid:84558858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695757)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695757/; classtype:trojan-activity;sid:84558857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695756/; classtype:trojan-activity;sid:84558856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695755)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695755/; classtype:trojan-activity;sid:84558855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695754)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695754/; classtype:trojan-activity;sid:84558854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695753)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695753/; classtype:trojan-activity;sid:84558853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695752)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695752/; classtype:trojan-activity;sid:84558852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695750)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695750/; classtype:trojan-activity;sid:84558850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695751)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695751/; classtype:trojan-activity;sid:84558851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695749)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695749/; classtype:trojan-activity;sid:84558849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695748)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695748/; classtype:trojan-activity;sid:84558848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695747)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695747/; classtype:trojan-activity;sid:84558847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695745)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695745/; classtype:trojan-activity;sid:84558845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695746)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695746/; classtype:trojan-activity;sid:84558846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695744)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695744/; classtype:trojan-activity;sid:84558844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695743)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695743/; classtype:trojan-activity;sid:84558843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695742)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695742/; classtype:trojan-activity;sid:84558842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695741)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695741/; classtype:trojan-activity;sid:84558841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695740)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695740/; classtype:trojan-activity;sid:84558840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695738)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695738/; classtype:trojan-activity;sid:84558838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695739)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695739/; classtype:trojan-activity;sid:84558839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695732)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695732/; classtype:trojan-activity;sid:84558832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695733)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695733/; classtype:trojan-activity;sid:84558833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695734)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695734/; classtype:trojan-activity;sid:84558834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695735)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695735/; classtype:trojan-activity;sid:84558835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695736)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695736/; classtype:trojan-activity;sid:84558836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695737)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695737/; classtype:trojan-activity;sid:84558837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695731)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695731/; classtype:trojan-activity;sid:84558831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695713)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695713/; classtype:trojan-activity;sid:84558813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695714)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695714/; classtype:trojan-activity;sid:84558814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695715)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695715/; classtype:trojan-activity;sid:84558815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695716)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695716/; classtype:trojan-activity;sid:84558816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695717)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695717/; classtype:trojan-activity;sid:84558817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695718)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695718/; classtype:trojan-activity;sid:84558818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695719)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695719/; classtype:trojan-activity;sid:84558819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695720)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695720/; classtype:trojan-activity;sid:84558820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695721)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695721/; classtype:trojan-activity;sid:84558821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695722)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695722/; classtype:trojan-activity;sid:84558822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695723)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695723/; classtype:trojan-activity;sid:84558823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695724)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.113.227.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695724/; classtype:trojan-activity;sid:84558824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695725)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695725/; classtype:trojan-activity;sid:84558825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695726/; classtype:trojan-activity;sid:84558826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695727)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695727/; classtype:trojan-activity;sid:84558827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695728)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695728/; classtype:trojan-activity;sid:84558828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695729)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695729/; classtype:trojan-activity;sid:84558829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695730)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695730/; classtype:trojan-activity;sid:84558830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695709)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695709/; classtype:trojan-activity;sid:84558809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695710)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695710/; classtype:trojan-activity;sid:84558810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695711)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695711/; classtype:trojan-activity;sid:84558811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695712)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695712/; classtype:trojan-activity;sid:84558812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695708)"; flow:established,from_client; content:"GET"; http_method; content:"/3hxfee.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695708/; classtype:trojan-activity;sid:84558808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695707)"; flow:established,from_client; content:"GET"; http_method; content:"/gxh7ar04ov.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r2q3.94e-w8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695707/; classtype:trojan-activity;sid:84558807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695706)"; flow:established,from_client; content:"GET"; http_method; content:"/rjbm8prx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vo7.v4-z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695706/; classtype:trojan-activity;sid:84558806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.69.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695705/; classtype:trojan-activity;sid:84558805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.72.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695704/; classtype:trojan-activity;sid:84558804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.38.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695703/; classtype:trojan-activity;sid:84558803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695702)"; flow:established,from_client; content:"GET"; http_method; content:"/fku2idu7nq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d2m1.q9-j341.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695702/; classtype:trojan-activity;sid:84558802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695701)"; flow:established,from_client; content:"GET"; http_method; content:"/2b.google|3f|t=cyaftco2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vo7.v4-z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695701/; classtype:trojan-activity;sid:84558801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.38.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695700/; classtype:trojan-activity;sid:84558800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.219.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695699/; classtype:trojan-activity;sid:84558799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695698)"; flow:established,from_client; content:"GET"; http_method; content:"/gyg.check|3f|t=xfidqvnv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7h.5g-t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695698/; classtype:trojan-activity;sid:84558798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695697)"; flow:established,from_client; content:"GET"; http_method; content:"/mlhcw0c5ca.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vqx.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695697/; classtype:trojan-activity;sid:84558797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695696)"; flow:established,from_client; content:"GET"; http_method; content:"/1s.google|3f|t=lzm417vd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"elk.yw9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695696/; classtype:trojan-activity;sid:84558796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695695)"; flow:established,from_client; content:"GET"; http_method; content:"/1s69gbt73n.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y7m.94e-w8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695695/; classtype:trojan-activity;sid:84558795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695693)"; flow:established,from_client; content:"GET"; http_method; content:"/t76zc5cp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"elk.yw9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695693/; classtype:trojan-activity;sid:84558793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695694)"; flow:established,from_client; content:"GET"; http_method; content:"/1p0ggfyjbe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vqx.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695694/; classtype:trojan-activity;sid:84558794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.27.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695692/; classtype:trojan-activity;sid:84558792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695691)"; flow:established,from_client; content:"GET"; http_method; content:"/8sy77e56hi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vqx.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695691/; classtype:trojan-activity;sid:84558791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695690)"; flow:established,from_client; content:"GET"; http_method; content:"/41h.google|3f|t=j5zkpkhl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h28.4qo8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695690/; classtype:trojan-activity;sid:84558790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.69.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695689/; classtype:trojan-activity;sid:84558789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.145.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695688/; classtype:trojan-activity;sid:84558788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.219.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695687/; classtype:trojan-activity;sid:84558787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.42.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695686/; classtype:trojan-activity;sid:84558786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.48.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695685/; classtype:trojan-activity;sid:84558785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695684)"; flow:established,from_client; content:"GET"; http_method; content:"/buqi59aoou.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a7n.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695684/; classtype:trojan-activity;sid:84558784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695682)"; flow:established,from_client; content:"GET"; http_method; content:"/vene/hykle.lpk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cadencevale.life"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695682/; classtype:trojan-activity;sid:84558782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695683)"; flow:established,from_client; content:"GET"; http_method; content:"/vene/tnjwjcvhyhgqqnxdipbauzvgbx47.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"cadencevale.life"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695683/; classtype:trojan-activity;sid:84558783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695681)"; flow:established,from_client; content:"GET"; http_method; content:"/sxw.check|3f|t=jfwj1v65"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hl.oqtx.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695681/; classtype:trojan-activity;sid:84558781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.27.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695680/; classtype:trojan-activity;sid:84558780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695679)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hp1aeaimaxokv9_h_6atoxy_jw4k1npz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695679/; classtype:trojan-activity;sid:84558779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695678)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1slw0vqvrpne3x00ynns2upjxd0v6-4gk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695678/; classtype:trojan-activity;sid:84558778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695677)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gdw5hbnbzaqpwqqeguq2tbpo2o3quu9f"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695677/; classtype:trojan-activity;sid:84558777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695676)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w0apomew6b1uahwuy-lbpaunx9cspqtx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695676/; classtype:trojan-activity;sid:84558776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.225.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695675/; classtype:trojan-activity;sid:84558775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.92.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695674/; classtype:trojan-activity;sid:84558774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695673)"; flow:established,from_client; content:"GET"; http_method; content:"/order/server_encrypted.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"module.com.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695673/; classtype:trojan-activity;sid:84558773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695672)"; flow:established,from_client; content:"GET"; http_method; content:"/rowe176.pfm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cloudlocalservice.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695672/; classtype:trojan-activity;sid:84558772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695671)"; flow:established,from_client; content:"GET"; http_method; content:"/jade.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cloudlocalservice.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695671/; classtype:trojan-activity;sid:84558771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695670)"; flow:established,from_client; content:"GET"; http_method; content:"/9re6f5.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695670/; classtype:trojan-activity;sid:84558770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695669)"; flow:established,from_client; content:"GET"; http_method; content:"/w7kijjy0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hl.oqtx.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695669/; classtype:trojan-activity;sid:84558769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695668)"; flow:established,from_client; content:"GET"; http_method; content:"/7gav1zdbec.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b0t.94e-w8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695668/; classtype:trojan-activity;sid:84558768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695667)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251104055349.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nttgroups.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695667/; classtype:trojan-activity;sid:84558767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695666)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695666/; classtype:trojan-activity;sid:84558766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695665)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103095040.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nttgroups.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695665/; classtype:trojan-activity;sid:84558765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695664)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103070609.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nttgroups.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695664/; classtype:trojan-activity;sid:84558764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695663)"; flow:established,from_client; content:"GET"; http_method; content:"/6wcc0qr448.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a7n.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695663/; classtype:trojan-activity;sid:84558763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695662)"; flow:established,from_client; content:"GET"; http_method; content:"/63.google|3f|t=kv4ol925"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fh0.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695662/; classtype:trojan-activity;sid:84558762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695659/; classtype:trojan-activity;sid:84558759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.116.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695660/; classtype:trojan-activity;sid:84558760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695661/; classtype:trojan-activity;sid:84558761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695652/; classtype:trojan-activity;sid:84558752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695653/; classtype:trojan-activity;sid:84558753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.23.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695654/; classtype:trojan-activity;sid:84558754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.222.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695655/; classtype:trojan-activity;sid:84558755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.96.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695656/; classtype:trojan-activity;sid:84558756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.224.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695657/; classtype:trojan-activity;sid:84558757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695658/; classtype:trojan-activity;sid:84558758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.92.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695651/; classtype:trojan-activity;sid:84558751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695647/; classtype:trojan-activity;sid:84558747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.255.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695648/; classtype:trojan-activity;sid:84558748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.190.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695649/; classtype:trojan-activity;sid:84558749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695650/; classtype:trojan-activity;sid:84558750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695646/; classtype:trojan-activity;sid:84558746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695645)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kko/0hgg00076fhgh7988hnddsdfs43400hjhnbnb9090ghghg78090jjh090909ghghg00.hta"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"46.183.220.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695645/; classtype:trojan-activity;sid:84558745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695644)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5561582465/fz0oky4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695644/; classtype:trojan-activity;sid:84558744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695641)"; flow:established,from_client; content:"GET"; http_method; content:"/98/9hg990ghhgh998hhgb76bc45dfdhfgfhghh09jghhg990900hhghh889ghgh99989.hta"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695641/; classtype:trojan-activity;sid:84558741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695642)"; flow:established,from_client; content:"GET"; http_method; content:"/480/sjdhf00vcb98sd0wjhjcmvnmsdfkjk0fs90c88b0d00s0cv89sdjjhj98vx0c0xc0v0cx08xcv0xcv.hta"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695642/; classtype:trojan-activity;sid:84558742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695643)"; flow:established,from_client; content:"GET"; http_method; content:"/166/sfdkjs0d9cv00s9f900f920f30sd090bcv09dg90s90g0dfg09g0d0g90dg9g8dg09g0d.hta"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"23.95.243.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695643/; classtype:trojan-activity;sid:84558743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695640/; classtype:trojan-activity;sid:84558740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695639)"; flow:established,from_client; content:"GET"; http_method; content:"/144/fsdf90sfcxv0sdf0f8g8dg0a00sd000sd88sdf090adf0sd0f90sdf00sdf00sdf0.hta"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"192.3.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695639/; classtype:trojan-activity;sid:84558739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.42.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695638/; classtype:trojan-activity;sid:84558738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695637)"; flow:established,from_client; content:"GET"; http_method; content:"/nqog2bghx3.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x.94e-w8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695637/; classtype:trojan-activity;sid:84558737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695634)"; flow:established,from_client; content:"GET"; http_method; content:"/2b37i9op"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fh0.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695634/; classtype:trojan-activity;sid:84558734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695635)"; flow:established,from_client; content:"GET"; http_method; content:"/cq.check|3f|t=rb5nnhz9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qfe.znx7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695635/; classtype:trojan-activity;sid:84558735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695636)"; flow:established,from_client; content:"GET"; http_method; content:"/gxna5q8jbq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t19.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695636/; classtype:trojan-activity;sid:84558736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695633)"; flow:established,from_client; content:"GET"; http_method; content:"/s/tax%20violation%20code.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dogist.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695633/; classtype:trojan-activity;sid:84558733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695632)"; flow:established,from_client; content:"GET"; http_method; content:"/155/sdf090cxv9s0w90200sdf0xcv0908dfg90g809sd09g8sgdfg090xcv88v9x9v9d9sd9f9s8d.hta"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"209.54.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695632/; classtype:trojan-activity;sid:84558732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695631)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/copi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversappsos.duckdns.org"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695631/; classtype:trojan-activity;sid:84558731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695630)"; flow:established,from_client; content:"GET"; http_method; content:"/528yi33v3p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t19.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695630/; classtype:trojan-activity;sid:84558730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695629)"; flow:established,from_client; content:"GET"; http_method; content:"/rh7.google|3f|t=4f0p0oja"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"82.j-7m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695629/; classtype:trojan-activity;sid:84558729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695628)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20251026/optimized_msi.png"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695628/; classtype:trojan-activity;sid:84558728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.92.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695627/; classtype:trojan-activity;sid:84558727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695626)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251102171220.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695626/; classtype:trojan-activity;sid:84558726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695623)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251102211554.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695623/; classtype:trojan-activity;sid:84558723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695624)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103063144.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695624/; classtype:trojan-activity;sid:84558724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695625)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251101003850.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695625/; classtype:trojan-activity;sid:84558725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695621)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251030181807.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695621/; classtype:trojan-activity;sid:84558721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695622)"; flow:established,from_client; content:"GET"; http_method; content:"/34/items/msi-pro-with-b-64_20251031/msi_pro_with_b64.png"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ia601401.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695622/; classtype:trojan-activity;sid:84558722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695619)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251102171235.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695619/; classtype:trojan-activity;sid:84558719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695620)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103153516.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695620/; classtype:trojan-activity;sid:84558720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695615)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251102211531.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695615/; classtype:trojan-activity;sid:84558715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695616)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103161159.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695616/; classtype:trojan-activity;sid:84558716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695617)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103162541.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695617/; classtype:trojan-activity;sid:84558717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695618)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103153506.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695618/; classtype:trojan-activity;sid:84558718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695610)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103084058.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695610/; classtype:trojan-activity;sid:84558710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695611)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103162550.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695611/; classtype:trojan-activity;sid:84558711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695612)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103170459.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695612/; classtype:trojan-activity;sid:84558712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695613)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103063134.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695613/; classtype:trojan-activity;sid:84558713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695614)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251101003838.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695614/; classtype:trojan-activity;sid:84558714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695606)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103170506.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695606/; classtype:trojan-activity;sid:84558706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695607)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251030181852.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695607/; classtype:trojan-activity;sid:84558707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695608)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103161207.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695608/; classtype:trojan-activity;sid:84558708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695609)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103084110.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695609/; classtype:trojan-activity;sid:84558709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.222.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695605/; classtype:trojan-activity;sid:84558705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695604)"; flow:established,from_client; content:"GET"; http_method; content:"/b4r.google|3f|t=vbqka5v2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6zy.l-ly.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695604/; classtype:trojan-activity;sid:84558704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695603)"; flow:established,from_client; content:"GET"; http_method; content:"/2bewe7f61u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mz4.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695603/; classtype:trojan-activity;sid:84558703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695601)"; flow:established,from_client; content:"GET"; http_method; content:"/xx1.google|3f|t=13v5qa19"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ug0.k7t0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695601/; classtype:trojan-activity;sid:84558701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695602)"; flow:established,from_client; content:"GET"; http_method; content:"/zlm43v91vn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mz4.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695602/; classtype:trojan-activity;sid:84558702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695600)"; flow:established,from_client; content:"GET"; http_method; content:"/sr0ar3ti"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ug0.k7t0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695600/; classtype:trojan-activity;sid:84558700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695599)"; flow:established,from_client; content:"GET"; http_method; content:"/1g98nbyr2a.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p9z1.94e-w8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695599/; classtype:trojan-activity;sid:84558699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.140.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695598/; classtype:trojan-activity;sid:84558698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695596)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695596/; classtype:trojan-activity;sid:84558696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695597)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695597/; classtype:trojan-activity;sid:84558697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695595)"; flow:established,from_client; content:"GET"; http_method; content:"/host/droid.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"216.250.252.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695595/; classtype:trojan-activity;sid:84558695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695593)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695593/; classtype:trojan-activity;sid:84558693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695594)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695594/; classtype:trojan-activity;sid:84558694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695589)"; flow:established,from_client; content:"GET"; http_method; content:"/446/fsfjjs903dsf8328sd3930f03303fsdsft233030g484030f309fdfg320400rtetdfg0xc3049gdf329dg20.txt"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"192.3.136.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695589/; classtype:trojan-activity;sid:84558689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695590)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695590/; classtype:trojan-activity;sid:84558690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695591)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695591/; classtype:trojan-activity;sid:84558691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695592)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695592/; classtype:trojan-activity;sid:84558692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695588)"; flow:established,from_client; content:"GET"; http_method; content:"/y3/0i/wguebpwkec.dat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.160.32.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695588/; classtype:trojan-activity;sid:84558688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695587)"; flow:established,from_client; content:"GET"; http_method; content:"/y3/0i/ujkawf.mp4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.160.32.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695587/; classtype:trojan-activity;sid:84558687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.151.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695586/; classtype:trojan-activity;sid:84558686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695583)"; flow:established,from_client; content:"GET"; http_method; content:"/action-reader2025/doc/invoice-readerxx67384xx2025.msi"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"185.145.97.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695583/; classtype:trojan-activity;sid:84558683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695584)"; flow:established,from_client; content:"GET"; http_method; content:"/reader2025/doc/invoice-readerxx67384xx2025.msi"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"185.145.97.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695584/; classtype:trojan-activity;sid:84558684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695585)"; flow:established,from_client; content:"GET"; http_method; content:"/action-reader/doc/invoice-readerxx67384xx2025.msi"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"185.145.97.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695585/; classtype:trojan-activity;sid:84558685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695582)"; flow:established,from_client; content:"GET"; http_method; content:"/hfxv3j0mz2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k3.q9-j341.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695582/; classtype:trojan-activity;sid:84558682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695581)"; flow:established,from_client; content:"GET"; http_method; content:"/jsu.check|3f|t=h8ok1myc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"00.0fv1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695581/; classtype:trojan-activity;sid:84558681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.15.117.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695580/; classtype:trojan-activity;sid:84558680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.172.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695579/; classtype:trojan-activity;sid:84558679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.222.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695578/; classtype:trojan-activity;sid:84558678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695575/; classtype:trojan-activity;sid:84558675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695576/; classtype:trojan-activity;sid:84558676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pi586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695577/; classtype:trojan-activity;sid:84558677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695569/; classtype:trojan-activity;sid:84558669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695570/; classtype:trojan-activity;sid:84558670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695571/; classtype:trojan-activity;sid:84558671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695572/; classtype:trojan-activity;sid:84558672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4t"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695573/; classtype:trojan-activity;sid:84558673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695574/; classtype:trojan-activity;sid:84558674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695566/; classtype:trojan-activity;sid:84558666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695567/; classtype:trojan-activity;sid:84558667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695568/; classtype:trojan-activity;sid:84558668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695559)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695559/; classtype:trojan-activity;sid:84558659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695560)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695560/; classtype:trojan-activity;sid:84558660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695561)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695561/; classtype:trojan-activity;sid:84558661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695562/; classtype:trojan-activity;sid:84558662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695563/; classtype:trojan-activity;sid:84558663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695564/; classtype:trojan-activity;sid:84558664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695565/; classtype:trojan-activity;sid:84558665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.202.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695558/; classtype:trojan-activity;sid:84558658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.15.117.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695557/; classtype:trojan-activity;sid:84558657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695556)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"546321.wristplante.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695556/; classtype:trojan-activity;sid:84558656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695555)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/storybet138v3.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"wahanastory.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695555/; classtype:trojan-activity;sid:84558655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695554)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.226.121.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695554/; classtype:trojan-activity;sid:84558654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695552)"; flow:established,from_client; content:"GET"; http_method; content:"/ligolo-agent.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.226.121.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695552/; classtype:trojan-activity;sid:84558652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695553)"; flow:established,from_client; content:"GET"; http_method; content:"/no-more-spam.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"no-more-spam.app"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695553/; classtype:trojan-activity;sid:84558653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695550)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5851730241/fzcgcte.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695550/; classtype:trojan-activity;sid:84558650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695551)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%91%e6%b1%87%e5%9b%bd%e9%99%85.apk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"yhgj28.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695551/; classtype:trojan-activity;sid:84558651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695549)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"invitezoom.jcamargoseguros.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695549/; classtype:trojan-activity;sid:84558649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695546)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tiktoki-goolge.sbs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695546/; classtype:trojan-activity;sid:84558646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695547)"; flow:established,from_client; content:"GET"; http_method; content:"/youtubeultra.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ytultr.pro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695547/; classtype:trojan-activity;sid:84558647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695548)"; flow:established,from_client; content:"GET"; http_method; content:"/kuailian.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kuailianpc1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695548/; classtype:trojan-activity;sid:84558648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695544)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/download.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"eyangjitu.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695544/; classtype:trojan-activity;sid:84558644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695545)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tikitok-goolges.sbs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695545/; classtype:trojan-activity;sid:84558645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695542)"; flow:established,from_client; content:"GET"; http_method; content:"/chisel.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.226.121.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695542/; classtype:trojan-activity;sid:84558642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695543)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tikpremplaymarktuzb.sbs"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695543/; classtype:trojan-activity;sid:84558643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695541)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/c0jqmppolpzk0yzcnljpegact-nph920lo277x9ketuhuxywu7ilzvnvs1ozmiovosgdzeir3xlxjbshcew7qkrsepnw8o7jxvypdnvollvwnwqlk_z2xydrkrckskdokfzrsqxk9koqfzwewoea5mu9/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc32a2c6a2a0920e8b603a8d5c36.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695541/; classtype:trojan-activity;sid:84558641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.222.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695540/; classtype:trojan-activity;sid:84558640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.54.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695539/; classtype:trojan-activity;sid:84558639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.15.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695538/; classtype:trojan-activity;sid:84558638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.29.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695537/; classtype:trojan-activity;sid:84558637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.67.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695536/; classtype:trojan-activity;sid:84558636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.32.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695535/; classtype:trojan-activity;sid:84558635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.33.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695534/; classtype:trojan-activity;sid:84558634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.54.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695533/; classtype:trojan-activity;sid:84558633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695532)"; flow:established,from_client; content:"GET"; http_method; content:"/kla.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695532/; classtype:trojan-activity;sid:84558632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695531)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695531/; classtype:trojan-activity;sid:84558631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695530/; classtype:trojan-activity;sid:84558630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695529)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695529/; classtype:trojan-activity;sid:84558629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695526)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695526/; classtype:trojan-activity;sid:84558626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695527)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695527/; classtype:trojan-activity;sid:84558627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695528)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695528/; classtype:trojan-activity;sid:84558628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.221.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695525/; classtype:trojan-activity;sid:84558625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695524/; classtype:trojan-activity;sid:84558624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.152.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695523/; classtype:trojan-activity;sid:84558623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695521)"; flow:established,from_client; content:"GET"; http_method; content:"/0x83911d24fx.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695521/; classtype:trojan-activity;sid:84558621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695522/; classtype:trojan-activity;sid:84558622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.176.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695520/; classtype:trojan-activity;sid:84558620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.152.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695519/; classtype:trojan-activity;sid:84558619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.137.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695518/; classtype:trojan-activity;sid:84558618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.67.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695517/; classtype:trojan-activity;sid:84558617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695516)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695516/; classtype:trojan-activity;sid:84558616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695514)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695514/; classtype:trojan-activity;sid:84558614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695515)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695515/; classtype:trojan-activity;sid:84558615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695504)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695504/; classtype:trojan-activity;sid:84558604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695505)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695505/; classtype:trojan-activity;sid:84558605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695506)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695506/; classtype:trojan-activity;sid:84558606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695507)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695507/; classtype:trojan-activity;sid:84558607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695508)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695508/; classtype:trojan-activity;sid:84558608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695509)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695509/; classtype:trojan-activity;sid:84558609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695510)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695510/; classtype:trojan-activity;sid:84558610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695511)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695511/; classtype:trojan-activity;sid:84558611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695512)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695512/; classtype:trojan-activity;sid:84558612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695513)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695513/; classtype:trojan-activity;sid:84558613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695503)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.113.227.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695503/; classtype:trojan-activity;sid:84558603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.20.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695502/; classtype:trojan-activity;sid:84558602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695501/; classtype:trojan-activity;sid:84558601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.247.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695500/; classtype:trojan-activity;sid:84558600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.221.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695499/; classtype:trojan-activity;sid:84558599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.36.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695498/; classtype:trojan-activity;sid:84558598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.152.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695497/; classtype:trojan-activity;sid:84558597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.49.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695496/; classtype:trojan-activity;sid:84558596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695495)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.mips"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695495/; classtype:trojan-activity;sid:84558595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695493)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.i686"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695493/; classtype:trojan-activity;sid:84558593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695494)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arm"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695494/; classtype:trojan-activity;sid:84558594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695481)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.x86_64"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695481/; classtype:trojan-activity;sid:84558581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695482)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695482/; classtype:trojan-activity;sid:84558582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695483)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.i486"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695483/; classtype:trojan-activity;sid:84558583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695484)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arm6"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695484/; classtype:trojan-activity;sid:84558584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695485)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arm7"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695485/; classtype:trojan-activity;sid:84558585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695486)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.ppc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695486/; classtype:trojan-activity;sid:84558586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695487)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695487/; classtype:trojan-activity;sid:84558587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695488)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arm5"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695488/; classtype:trojan-activity;sid:84558588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695489)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.mpsl"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695489/; classtype:trojan-activity;sid:84558589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695490)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.m68k"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695490/; classtype:trojan-activity;sid:84558590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695491)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.spc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695491/; classtype:trojan-activity;sid:84558591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695492)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.sh4"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695492/; classtype:trojan-activity;sid:84558592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.85.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695480/; classtype:trojan-activity;sid:84558580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695479/; classtype:trojan-activity;sid:84558579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.15.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695478/; classtype:trojan-activity;sid:84558578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695477/; classtype:trojan-activity;sid:84558577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695476/; classtype:trojan-activity;sid:84558576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.225.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695475/; classtype:trojan-activity;sid:84558575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695474/; classtype:trojan-activity;sid:84558574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.85.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695473/; classtype:trojan-activity;sid:84558573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.118.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695472/; classtype:trojan-activity;sid:84558572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.156.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695471/; classtype:trojan-activity;sid:84558571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.41.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695470/; classtype:trojan-activity;sid:84558570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.69.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695469/; classtype:trojan-activity;sid:84558569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695468/; classtype:trojan-activity;sid:84558568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.118.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695467/; classtype:trojan-activity;sid:84558567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.233.147.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695466/; classtype:trojan-activity;sid:84558566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.155.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695465/; classtype:trojan-activity;sid:84558565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.14.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695464/; classtype:trojan-activity;sid:84558564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.41.213.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695463/; classtype:trojan-activity;sid:84558563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.41.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695462/; classtype:trojan-activity;sid:84558562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.156.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695461/; classtype:trojan-activity;sid:84558561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695460/; classtype:trojan-activity;sid:84558560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.233.147.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695459/; classtype:trojan-activity;sid:84558559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.83.80.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695457/; classtype:trojan-activity;sid:84558557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.211.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695458/; classtype:trojan-activity;sid:84558558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695456/; classtype:trojan-activity;sid:84558556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.204.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695455/; classtype:trojan-activity;sid:84558555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.128.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695454/; classtype:trojan-activity;sid:84558554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695453/; classtype:trojan-activity;sid:84558553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.1.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695452/; classtype:trojan-activity;sid:84558552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.151.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695451/; classtype:trojan-activity;sid:84558551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.157.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695450/; classtype:trojan-activity;sid:84558550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.76.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695449/; classtype:trojan-activity;sid:84558549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695448)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"124.198.132.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695448/; classtype:trojan-activity;sid:84558548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.211.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695446/; classtype:trojan-activity;sid:84558546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.83.80.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695447/; classtype:trojan-activity;sid:84558547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.111.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695444/; classtype:trojan-activity;sid:84558544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695445/; classtype:trojan-activity;sid:84558545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695443/; classtype:trojan-activity;sid:84558543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.120.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695442/; classtype:trojan-activity;sid:84558542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.1.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695441/; classtype:trojan-activity;sid:84558541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.82.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695440/; classtype:trojan-activity;sid:84558540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695439/; classtype:trojan-activity;sid:84558539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.196.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695438/; classtype:trojan-activity;sid:84558538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695437/; classtype:trojan-activity;sid:84558537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.154.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695436/; classtype:trojan-activity;sid:84558536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.238.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695435/; classtype:trojan-activity;sid:84558535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.82.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695433/; classtype:trojan-activity;sid:84558533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.151.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695434/; classtype:trojan-activity;sid:84558534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.242.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695432/; classtype:trojan-activity;sid:84558532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.125.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695431/; classtype:trojan-activity;sid:84558531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.154.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695430/; classtype:trojan-activity;sid:84558530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.218.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695429/; classtype:trojan-activity;sid:84558529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.255.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695428/; classtype:trojan-activity;sid:84558528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.80.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695427/; classtype:trojan-activity;sid:84558527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.37.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695426/; classtype:trojan-activity;sid:84558526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.151.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695422/; classtype:trojan-activity;sid:84558522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.14.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695423/; classtype:trojan-activity;sid:84558523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.151.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695424/; classtype:trojan-activity;sid:84558524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.37.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695425/; classtype:trojan-activity;sid:84558525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.77.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695421/; classtype:trojan-activity;sid:84558521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.120.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695420/; classtype:trojan-activity;sid:84558520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.127.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695419/; classtype:trojan-activity;sid:84558519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.238.116.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695418/; classtype:trojan-activity;sid:84558518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.120.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695417/; classtype:trojan-activity;sid:84558517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695416/; classtype:trojan-activity;sid:84558516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695415)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695415/; classtype:trojan-activity;sid:84558515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695411)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695411/; classtype:trojan-activity;sid:84558511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695412)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695412/; classtype:trojan-activity;sid:84558512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695413)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695413/; classtype:trojan-activity;sid:84558513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695414)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695414/; classtype:trojan-activity;sid:84558514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695410/; classtype:trojan-activity;sid:84558510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695409/; classtype:trojan-activity;sid:84558509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.206.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695408/; classtype:trojan-activity;sid:84558508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.218.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695407/; classtype:trojan-activity;sid:84558507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695406/; classtype:trojan-activity;sid:84558506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.161.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695405/; classtype:trojan-activity;sid:84558505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.68.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695404/; classtype:trojan-activity;sid:84558504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695403/; classtype:trojan-activity;sid:84558503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695402)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2038862353/fghomcw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695402/; classtype:trojan-activity;sid:84558502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.148.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695401/; classtype:trojan-activity;sid:84558501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.68.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695399/; classtype:trojan-activity;sid:84558499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.117.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695400/; classtype:trojan-activity;sid:84558500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.66.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695398/; classtype:trojan-activity;sid:84558498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695395)"; flow:established,from_client; content:"GET"; http_method; content:"/mwah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.33.23.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695395/; classtype:trojan-activity;sid:84558495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695396)"; flow:established,from_client; content:"GET"; http_method; content:"/mwah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dd.nvms9000.su"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695396/; classtype:trojan-activity;sid:84558496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695397)"; flow:established,from_client; content:"GET"; http_method; content:"/pppoeb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.33.23.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695397/; classtype:trojan-activity;sid:84558497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.148.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695394/; classtype:trojan-activity;sid:84558494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.21.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695393/; classtype:trojan-activity;sid:84558493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695392/; classtype:trojan-activity;sid:84558492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695391/; classtype:trojan-activity;sid:84558491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.17.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695390/; classtype:trojan-activity;sid:84558490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.127.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695387/; classtype:trojan-activity;sid:84558487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695388/; classtype:trojan-activity;sid:84558488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.61.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695389/; classtype:trojan-activity;sid:84558489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.181.192.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695386/; classtype:trojan-activity;sid:84558486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695385)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8134610967/qsgshxz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695385/; classtype:trojan-activity;sid:84558485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695382/; classtype:trojan-activity;sid:84558482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695383/; classtype:trojan-activity;sid:84558483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695384/; classtype:trojan-activity;sid:84558484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695376)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695376/; classtype:trojan-activity;sid:84558476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695377/; classtype:trojan-activity;sid:84558477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695378/; classtype:trojan-activity;sid:84558478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695379/; classtype:trojan-activity;sid:84558479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695380/; classtype:trojan-activity;sid:84558480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695381/; classtype:trojan-activity;sid:84558481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695373/; classtype:trojan-activity;sid:84558473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695374/; classtype:trojan-activity;sid:84558474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695375/; classtype:trojan-activity;sid:84558475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.17.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695371/; classtype:trojan-activity;sid:84558471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695372/; classtype:trojan-activity;sid:84558472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695370/; classtype:trojan-activity;sid:84558470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695369/; classtype:trojan-activity;sid:84558469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.181.192.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695368/; classtype:trojan-activity;sid:84558468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.223.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695367/; classtype:trojan-activity;sid:84558467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695366/; classtype:trojan-activity;sid:84558466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.149.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695365/; classtype:trojan-activity;sid:84558465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695363)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695363/; classtype:trojan-activity;sid:84558463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695364)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695364/; classtype:trojan-activity;sid:84558464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695362)"; flow:established,from_client; content:"GET"; http_method; content:"/b1ka1sdn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s9.l-ly.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695362/; classtype:trojan-activity;sid:84558462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695361)"; flow:established,from_client; content:"GET"; http_method; content:"/3iqz752gsu.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b.tyj-4b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695361/; classtype:trojan-activity;sid:84558461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.152.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695360/; classtype:trojan-activity;sid:84558460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.248.83.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695359/; classtype:trojan-activity;sid:84558459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.123.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695358/; classtype:trojan-activity;sid:84558458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.173.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695357/; classtype:trojan-activity;sid:84558457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695132)"; flow:established,from_client; content:"GET"; http_method; content:"/446/fsfjjs903dsf8328sd3930f03303fsdsft233030g484030f309fdfg320400rtetdfg0xc3049gdf329dg20.hta"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"192.3.136.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695132/; classtype:trojan-activity;sid:84558232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695119)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.242.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695119/; classtype:trojan-activity;sid:84558219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.221.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695111/; classtype:trojan-activity;sid:84558211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.249.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695107/; classtype:trojan-activity;sid:84558207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.160.65.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695108/; classtype:trojan-activity;sid:84558208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.68.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695110/; classtype:trojan-activity;sid:84558210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.13.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695099/; classtype:trojan-activity;sid:84558199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.117.127.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695096/; classtype:trojan-activity;sid:84558196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695090)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"189.165.2.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695090/; classtype:trojan-activity;sid:84558190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695083)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.151.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695083/; classtype:trojan-activity;sid:84558183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695084)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.151.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695084/; classtype:trojan-activity;sid:84558184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695085)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.163.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695085/; classtype:trojan-activity;sid:84558185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695086)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"58.186.163.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695086/; classtype:trojan-activity;sid:84558186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695087)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.90.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695087/; classtype:trojan-activity;sid:84558187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695088)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.197.141.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695088/; classtype:trojan-activity;sid:84558188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695079)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695079/; classtype:trojan-activity;sid:84558179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695080)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695080/; classtype:trojan-activity;sid:84558180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.84.28.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695082/; classtype:trojan-activity;sid:84558182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.108.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695033/; classtype:trojan-activity;sid:84558133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.108.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695018/; classtype:trojan-activity;sid:84558118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694960/; classtype:trojan-activity;sid:84558060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.42.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694946/; classtype:trojan-activity;sid:84558046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694940)"; flow:established,from_client; content:"GET"; http_method; content:"/syschnu.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694940/; classtype:trojan-activity;sid:84558040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694835)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694835/; classtype:trojan-activity;sid:84557935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694822)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694822/; classtype:trojan-activity;sid:84557922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694823)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694823/; classtype:trojan-activity;sid:84557923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694824)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694824/; classtype:trojan-activity;sid:84557924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694825)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694825/; classtype:trojan-activity;sid:84557925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694826)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694826/; classtype:trojan-activity;sid:84557926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694827)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694827/; classtype:trojan-activity;sid:84557927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694828)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694828/; classtype:trojan-activity;sid:84557928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694829)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694829/; classtype:trojan-activity;sid:84557929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694830)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694830/; classtype:trojan-activity;sid:84557930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694831)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694831/; classtype:trojan-activity;sid:84557931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694832)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694832/; classtype:trojan-activity;sid:84557932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694833)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694833/; classtype:trojan-activity;sid:84557933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694783)"; flow:established,from_client; content:"GET"; http_method; content:"/ldplayer9_ld_407586_ld.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ldplaycn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694783/; classtype:trojan-activity;sid:84557883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694766/; classtype:trojan-activity;sid:84557866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694767)"; flow:established,from_client; content:"GET"; http_method; content:"/clipaid-pro.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"clipaid.app"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694767/; classtype:trojan-activity;sid:84557867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694762)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694762/; classtype:trojan-activity;sid:84557862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694763)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694763/; classtype:trojan-activity;sid:84557863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694606/; classtype:trojan-activity;sid:84557706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.254.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694600/; classtype:trojan-activity;sid:84557700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.254.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694599/; classtype:trojan-activity;sid:84557699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694598/; classtype:trojan-activity;sid:84557698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694534)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvarm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694534/; classtype:trojan-activity;sid:84557634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694528)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvm68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694528/; classtype:trojan-activity;sid:84557628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694529)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvspc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694529/; classtype:trojan-activity;sid:84557629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694530)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvx86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694530/; classtype:trojan-activity;sid:84557630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694531)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvarm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694531/; classtype:trojan-activity;sid:84557631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694532)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694532/; classtype:trojan-activity;sid:84557632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694525)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvmips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694525/; classtype:trojan-activity;sid:84557625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694513)"; flow:established,from_client; content:"GET"; http_method; content:"/ok"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694513/; classtype:trojan-activity;sid:84557613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694439)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7559408112/8rsl970.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694439/; classtype:trojan-activity;sid:84557539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694313)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694313/; classtype:trojan-activity;sid:84557413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694304)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694304/; classtype:trojan-activity;sid:84557404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694305)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694305/; classtype:trojan-activity;sid:84557405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694306)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694306/; classtype:trojan-activity;sid:84557406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694307)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694307/; classtype:trojan-activity;sid:84557407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694308)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694308/; classtype:trojan-activity;sid:84557408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694309)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694309/; classtype:trojan-activity;sid:84557409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694310)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694310/; classtype:trojan-activity;sid:84557410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694311)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694311/; classtype:trojan-activity;sid:84557411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694312)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694312/; classtype:trojan-activity;sid:84557412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694300)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694300/; classtype:trojan-activity;sid:84557400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694301)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694301/; classtype:trojan-activity;sid:84557401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694302)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694302/; classtype:trojan-activity;sid:84557402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694303)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694303/; classtype:trojan-activity;sid:84557403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694152)"; flow:established,from_client; content:"GET"; http_method; content:"/d/boss25617"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.119.139.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694152/; classtype:trojan-activity;sid:84557252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693979)"; flow:established,from_client; content:"GET"; http_method; content:"/xobi.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693979/; classtype:trojan-activity;sid:84557079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.229.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693878/; classtype:trojan-activity;sid:84556978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.229.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693853/; classtype:trojan-activity;sid:84556953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693727/; classtype:trojan-activity;sid:84556827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693553/; classtype:trojan-activity;sid:84556653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.151.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693552/; classtype:trojan-activity;sid:84556652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.151.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693531/; classtype:trojan-activity;sid:84556631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693497/; classtype:trojan-activity;sid:84556597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.92.110.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693496/; classtype:trojan-activity;sid:84556596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.163.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693492/; classtype:trojan-activity;sid:84556592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693493/; classtype:trojan-activity;sid:84556593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693333/; classtype:trojan-activity;sid:84556433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693302)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/fullbet138.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"warkopshopfb138.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693302/; classtype:trojan-activity;sid:84556402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693300)"; flow:established,from_client; content:"GET"; http_method; content:"/engelvoelkers.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pelis25.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693300/; classtype:trojan-activity;sid:84556400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.134.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693288/; classtype:trojan-activity;sid:84556388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693218)"; flow:established,from_client; content:"GET"; http_method; content:"/software.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693218/; classtype:trojan-activity;sid:84556318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693020)"; flow:established,from_client; content:"GET"; http_method; content:"/144/sdf0xc9v0sd0fff0sd09d/ojo090iui0ewr0d0dfsd9f032iue0rt0ter0dfg0fdg0ert9eterfdg90dfgw9e0r.doc"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693020/; classtype:trojan-activity;sid:84556120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693018)"; flow:established,from_client; content:"GET"; http_method; content:"/144/ojo090iui0ewr0d0dfsd9f032iue0rt0ter0dfg0fdg0ert9eterfdg90dfgw9e0r.vbe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693018/; classtype:trojan-activity;sid:84556118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693019)"; flow:established,from_client; content:"GET"; http_method; content:"/144/ojo090iui0ewr0d0dfsd9f032iue0rt0ter0dfg0fdg0ert9eterfdg90dfgw9e0r.vbe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693019/; classtype:trojan-activity;sid:84556119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693017)"; flow:established,from_client; content:"GET"; http_method; content:"/144/sdf0xc9v0sd0fff0sd09d/ojo090iui0ewr0d0dfsd9f032iue0rt0ter0dfg0fdg0ert9eterfdg90dfgw9e0r.doc"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693017/; classtype:trojan-activity;sid:84556117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693004)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693004/; classtype:trojan-activity;sid:84556104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693005)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693005/; classtype:trojan-activity;sid:84556105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693006)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693006/; classtype:trojan-activity;sid:84556106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693007)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693007/; classtype:trojan-activity;sid:84556107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693008)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693008/; classtype:trojan-activity;sid:84556108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693009)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693009/; classtype:trojan-activity;sid:84556109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693010)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693010/; classtype:trojan-activity;sid:84556110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693011)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693011/; classtype:trojan-activity;sid:84556111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693012)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693012/; classtype:trojan-activity;sid:84556112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692994)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692994/; classtype:trojan-activity;sid:84556094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692987)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692987/; classtype:trojan-activity;sid:84556087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692988)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692988/; classtype:trojan-activity;sid:84556088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692989)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692989/; classtype:trojan-activity;sid:84556089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692990)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692990/; classtype:trojan-activity;sid:84556090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692991)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692991/; classtype:trojan-activity;sid:84556091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692983)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692983/; classtype:trojan-activity;sid:84556083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692977)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692977/; classtype:trojan-activity;sid:84556077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692978)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692978/; classtype:trojan-activity;sid:84556078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692979)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692979/; classtype:trojan-activity;sid:84556079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692981)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692981/; classtype:trojan-activity;sid:84556081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692982)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692982/; classtype:trojan-activity;sid:84556082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692952/; classtype:trojan-activity;sid:84556052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692875)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.215.85.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692875/; classtype:trojan-activity;sid:84555975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692856)"; flow:established,from_client; content:"GET"; http_method; content:"/l/walletconnectdevrestore.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692856/; classtype:trojan-activity;sid:84555956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692846/; classtype:trojan-activity;sid:84555946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692777)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.31agostomax4.dynuddns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692777/; classtype:trojan-activity;sid:84555877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692778)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.31agostomax4.dynuddns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692778/; classtype:trojan-activity;sid:84555878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692597/; classtype:trojan-activity;sid:84555697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.173.159.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692590/; classtype:trojan-activity;sid:84555690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692585/; classtype:trojan-activity;sid:84555685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.173.159.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692571/; classtype:trojan-activity;sid:84555671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692261/; classtype:trojan-activity;sid:84555361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.225.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692243/; classtype:trojan-activity;sid:84555343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692219)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692219/; classtype:trojan-activity;sid:84555319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692204)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.104.228.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692204/; classtype:trojan-activity;sid:84555304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692102/; classtype:trojan-activity;sid:84555202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692021)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692021/; classtype:trojan-activity;sid:84555121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691924)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.184.227.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691924/; classtype:trojan-activity;sid:84555024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691923)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.174.142.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691923/; classtype:trojan-activity;sid:84555023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691919)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.85.201.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691919/; classtype:trojan-activity;sid:84555019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.99.212.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691913/; classtype:trojan-activity;sid:84555013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.171.212.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691915/; classtype:trojan-activity;sid:84555015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691909)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.143.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691909/; classtype:trojan-activity;sid:84555009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691906)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691906/; classtype:trojan-activity;sid:84555006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.195.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691855/; classtype:trojan-activity;sid:84554955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.195.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691834/; classtype:trojan-activity;sid:84554934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691617/; classtype:trojan-activity;sid:84554717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691605/; classtype:trojan-activity;sid:84554705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.172.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691533/; classtype:trojan-activity;sid:84554633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.172.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691518/; classtype:trojan-activity;sid:84554618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691488)"; flow:established,from_client; content:"GET"; http_method; content:"/88/m0uuou00uyuy00u0u/o090njhjh89jjjhjhdgf545jnbmmnb0jkhhjkkh0jfhddsd49hhgbn98ds3ddswe3dgfgggf0nnmb80nmuhuh.doc"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"172.245.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691488/; classtype:trojan-activity;sid:84554588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691487)"; flow:established,from_client; content:"GET"; http_method; content:"/88/m0uuou00uyuy00u0u/o090njhjh89jjjhjhdgf545jnbmmnb0jkhhjkkh0jfhddsd49hhgbn98ds3ddswe3dgfgggf0nnmb80nmuhuh.doc"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"172.245.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691487/; classtype:trojan-activity;sid:84554587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691455)"; flow:established,from_client; content:"GET"; http_method; content:"/svchron.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691455/; classtype:trojan-activity;sid:84554555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691443)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.89.73.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691443/; classtype:trojan-activity;sid:84554543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691444/; classtype:trojan-activity;sid:84554544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691445)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.70.100.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691445/; classtype:trojan-activity;sid:84554545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691440)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.186.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691440/; classtype:trojan-activity;sid:84554540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691428)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.200.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691428/; classtype:trojan-activity;sid:84554528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691423)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.151.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691423/; classtype:trojan-activity;sid:84554523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691294/; classtype:trojan-activity;sid:84554394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691224/; classtype:trojan-activity;sid:84554324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691013)"; flow:established,from_client; content:"GET"; http_method; content:"/approve"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"144.31.90.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691013/; classtype:trojan-activity;sid:84554113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691003)"; flow:established,from_client; content:"GET"; http_method; content:"/obfdownload2/task.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.172.80.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691003/; classtype:trojan-activity;sid:84554103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690764/; classtype:trojan-activity;sid:84553864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690721)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.198.49.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690721/; classtype:trojan-activity;sid:84553821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690719)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.117.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690719/; classtype:trojan-activity;sid:84553819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690716)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"136.115.102.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690716/; classtype:trojan-activity;sid:84553816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.2.93.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690711/; classtype:trojan-activity;sid:84553811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.7.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690696/; classtype:trojan-activity;sid:84553796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.164.188.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690700/; classtype:trojan-activity;sid:84553800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.87.37.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690703/; classtype:trojan-activity;sid:84553803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690688)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.97.108.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690688/; classtype:trojan-activity;sid:84553788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690667)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/bof.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"polimakels.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690667/; classtype:trojan-activity;sid:84553767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690666)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"polimakels.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690666/; classtype:trojan-activity;sid:84553766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690616)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/theme-compat/toters.vbs"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"arhitectpitesti.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690616/; classtype:trojan-activity;sid:84553716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690476/; classtype:trojan-activity;sid:84553576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690469/; classtype:trojan-activity;sid:84553569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690296)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690296/; classtype:trojan-activity;sid:84553396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690297)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690297/; classtype:trojan-activity;sid:84553397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690298)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690298/; classtype:trojan-activity;sid:84553398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690293)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690293/; classtype:trojan-activity;sid:84553393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690295)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690295/; classtype:trojan-activity;sid:84553395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690174)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690174/; classtype:trojan-activity;sid:84553274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690175)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690175/; classtype:trojan-activity;sid:84553275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690172)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690172/; classtype:trojan-activity;sid:84553272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690139)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/athena777.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"athena777.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690139/; classtype:trojan-activity;sid:84553239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690061/; classtype:trojan-activity;sid:84553161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689738)"; flow:established,from_client; content:"GET"; http_method; content:"/website/apk/kalyanmatka.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"kalyanmatka.world"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689738/; classtype:trojan-activity;sid:84552838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689726)"; flow:established,from_client; content:"GET"; http_method; content:"/rh_0.9.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689726/; classtype:trojan-activity;sid:84552826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689713/; classtype:trojan-activity;sid:84552813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.15.112.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689698/; classtype:trojan-activity;sid:84552798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689700/; classtype:trojan-activity;sid:84552800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.45.96.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689683/; classtype:trojan-activity;sid:84552783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.45.96.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689673/; classtype:trojan-activity;sid:84552773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.117.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689656/; classtype:trojan-activity;sid:84552756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.68.52.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689578/; classtype:trojan-activity;sid:84552678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.68.52.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689561/; classtype:trojan-activity;sid:84552661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689479/; classtype:trojan-activity;sid:84552579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689350)"; flow:established,from_client; content:"GET"; http_method; content:"/dfdsvc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689350/; classtype:trojan-activity;sid:84552450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689344)"; flow:established,from_client; content:"GET"; http_method; content:"/d/boss67971"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.119.139.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689344/; classtype:trojan-activity;sid:84552444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689345)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689345/; classtype:trojan-activity;sid:84552445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689346)"; flow:established,from_client; content:"GET"; http_method; content:"/xiobv.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689346/; classtype:trojan-activity;sid:84552446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689227)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"downloader.nvms9000.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689227/; classtype:trojan-activity;sid:84552327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689228)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"downloader.nvms9000.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689228/; classtype:trojan-activity;sid:84552328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.209.207.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689214/; classtype:trojan-activity;sid:84552314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.209.207.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689201/; classtype:trojan-activity;sid:84552301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.168.144.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689156/; classtype:trojan-activity;sid:84552256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689034/; classtype:trojan-activity;sid:84552134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689021/; classtype:trojan-activity;sid:84552121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689016)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.178.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689016/; classtype:trojan-activity;sid:84552116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688995)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688995/; classtype:trojan-activity;sid:84552095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688996)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.234.173.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688996/; classtype:trojan-activity;sid:84552096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688997)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.7.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688997/; classtype:trojan-activity;sid:84552097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.174.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688999/; classtype:trojan-activity;sid:84552099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688941)"; flow:established,from_client; content:"GET"; http_method; content:"/limi/abounding_proposal.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"tajalrayhan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688941/; classtype:trojan-activity;sid:84552041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688936)"; flow:established,from_client; content:"GET"; http_method; content:"/20250804.7z"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"access.dragongolf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688936/; classtype:trojan-activity;sid:84552036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688820)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688820/; classtype:trojan-activity;sid:84551920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688819)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688819/; classtype:trojan-activity;sid:84551919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688818)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688818/; classtype:trojan-activity;sid:84551918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688817)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688817/; classtype:trojan-activity;sid:84551917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688815)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688815/; classtype:trojan-activity;sid:84551915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688813)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688813/; classtype:trojan-activity;sid:84551913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688791)"; flow:established,from_client; content:"GET"; http_method; content:"/10.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688791/; classtype:trojan-activity;sid:84551891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688726)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688726/; classtype:trojan-activity;sid:84551826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688720)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688720/; classtype:trojan-activity;sid:84551820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688722)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688722/; classtype:trojan-activity;sid:84551822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688723)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688723/; classtype:trojan-activity;sid:84551823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688724)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688724/; classtype:trojan-activity;sid:84551824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688725)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688725/; classtype:trojan-activity;sid:84551825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688716)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688716/; classtype:trojan-activity;sid:84551816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688692)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688692/; classtype:trojan-activity;sid:84551792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688691)"; flow:established,from_client; content:"GET"; http_method; content:"/v.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688691/; classtype:trojan-activity;sid:84551791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688690)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688690/; classtype:trojan-activity;sid:84551790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.166.85.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688689/; classtype:trojan-activity;sid:84551789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688659)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688659/; classtype:trojan-activity;sid:84551759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688580)"; flow:established,from_client; content:"GET"; http_method; content:"/zocp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688580/; classtype:trojan-activity;sid:84551680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688498)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688498/; classtype:trojan-activity;sid:84551598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688499)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688499/; classtype:trojan-activity;sid:84551599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688500/; classtype:trojan-activity;sid:84551600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688501)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688501/; classtype:trojan-activity;sid:84551601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688225)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688225/; classtype:trojan-activity;sid:84551325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688226)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.spc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688226/; classtype:trojan-activity;sid:84551326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688227)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.sh4"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688227/; classtype:trojan-activity;sid:84551327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688228)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688228/; classtype:trojan-activity;sid:84551328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688229)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm6"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688229/; classtype:trojan-activity;sid:84551329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688214)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688214/; classtype:trojan-activity;sid:84551314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688215)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688215/; classtype:trojan-activity;sid:84551315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688216)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688216/; classtype:trojan-activity;sid:84551316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688217)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688217/; classtype:trojan-activity;sid:84551317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688218)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.x86"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688218/; classtype:trojan-activity;sid:84551318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688219)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm7"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688219/; classtype:trojan-activity;sid:84551319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688220)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688220/; classtype:trojan-activity;sid:84551320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688222)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.x86_64"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688222/; classtype:trojan-activity;sid:84551322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688223)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm5"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688223/; classtype:trojan-activity;sid:84551323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.85.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688178/; classtype:trojan-activity;sid:84551278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688160/; classtype:trojan-activity;sid:84551260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688131)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.195.236.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688131/; classtype:trojan-activity;sid:84551231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.78.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688129/; classtype:trojan-activity;sid:84551229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.79.244.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688123/; classtype:trojan-activity;sid:84551223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.117.211.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688124/; classtype:trojan-activity;sid:84551224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688118)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.254.164.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688118/; classtype:trojan-activity;sid:84551218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688113)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.235.204.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688113/; classtype:trojan-activity;sid:84551213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687923)"; flow:established,from_client; content:"GET"; http_method; content:"/gaagu0ehwesj9ia5lhlz4puhckc2bnov/1boi0txtjjwgzs1bzlecvjpguwqpye3k.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"178.16.52.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687923/; classtype:trojan-activity;sid:84551023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687921)"; flow:established,from_client; content:"GET"; http_method; content:"/gaagu0ehwesj9ia5lhlz4puhckc2bnov/8gvk01wwwxhhto7bj1pwbajm8yonuuqf.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"178.16.52.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687921/; classtype:trojan-activity;sid:84551021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687916)"; flow:established,from_client; content:"GET"; http_method; content:"/y6m2uw0dgi.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"filerit.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687916/; classtype:trojan-activity;sid:84551016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687914)"; flow:established,from_client; content:"GET"; http_method; content:"/4aa9fqc792.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pub-bfc34934a91a4893817098f73415917a.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687914/; classtype:trojan-activity;sid:84551014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687804/; classtype:trojan-activity;sid:84550904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687753)"; flow:established,from_client; content:"GET"; http_method; content:"/zibll001/ffff/refs/heads/main/web.sh"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687753/; classtype:trojan-activity;sid:84550853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687752)"; flow:established,from_client; content:"GET"; http_method; content:"/clipper.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687752/; classtype:trojan-activity;sid:84550852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.68.110.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687326/; classtype:trojan-activity;sid:84550426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687314)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.79.60.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687314/; classtype:trojan-activity;sid:84550414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.214.63.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687316/; classtype:trojan-activity;sid:84550416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.68.110.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687294/; classtype:trojan-activity;sid:84550394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687171)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique3/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687171/; classtype:trojan-activity;sid:84550271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.53.25.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687127/; classtype:trojan-activity;sid:84550227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687060)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687060/; classtype:trojan-activity;sid:84550160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687045)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687045/; classtype:trojan-activity;sid:84550145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687046)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687046/; classtype:trojan-activity;sid:84550146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687038)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687038/; classtype:trojan-activity;sid:84550138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687039)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687039/; classtype:trojan-activity;sid:84550139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687040)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687040/; classtype:trojan-activity;sid:84550140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687042)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687042/; classtype:trojan-activity;sid:84550142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687043)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687043/; classtype:trojan-activity;sid:84550143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687044)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687044/; classtype:trojan-activity;sid:84550144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687030)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687030/; classtype:trojan-activity;sid:84550130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687031)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687031/; classtype:trojan-activity;sid:84550131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687032)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687032/; classtype:trojan-activity;sid:84550132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687034)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687034/; classtype:trojan-activity;sid:84550134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687035)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687035/; classtype:trojan-activity;sid:84550135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687036)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687036/; classtype:trojan-activity;sid:84550136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687037)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687037/; classtype:trojan-activity;sid:84550137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687029)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687029/; classtype:trojan-activity;sid:84550129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687019)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687019/; classtype:trojan-activity;sid:84550119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687020)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687020/; classtype:trojan-activity;sid:84550120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687021)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687021/; classtype:trojan-activity;sid:84550121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687022)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687022/; classtype:trojan-activity;sid:84550122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687023)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687023/; classtype:trojan-activity;sid:84550123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687024)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687024/; classtype:trojan-activity;sid:84550124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687025)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687025/; classtype:trojan-activity;sid:84550125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687026)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687026/; classtype:trojan-activity;sid:84550126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687028)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687028/; classtype:trojan-activity;sid:84550128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687016)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687016/; classtype:trojan-activity;sid:84550116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687017)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687017/; classtype:trojan-activity;sid:84550117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687018)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687018/; classtype:trojan-activity;sid:84550118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687015)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687015/; classtype:trojan-activity;sid:84550115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687014)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687014/; classtype:trojan-activity;sid:84550114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687010)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687010/; classtype:trojan-activity;sid:84550110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687011)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687011/; classtype:trojan-activity;sid:84550111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687012)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687012/; classtype:trojan-activity;sid:84550112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686998)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686998/; classtype:trojan-activity;sid:84550098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687001)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687001/; classtype:trojan-activity;sid:84550101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687003)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687003/; classtype:trojan-activity;sid:84550103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686993)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686993/; classtype:trojan-activity;sid:84550093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686982)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686982/; classtype:trojan-activity;sid:84550082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686973)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686973/; classtype:trojan-activity;sid:84550073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686975)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686975/; classtype:trojan-activity;sid:84550075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686976)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686976/; classtype:trojan-activity;sid:84550076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686978)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686978/; classtype:trojan-activity;sid:84550078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686963)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686963/; classtype:trojan-activity;sid:84550063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686964)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686964/; classtype:trojan-activity;sid:84550064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686966)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686966/; classtype:trojan-activity;sid:84550066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686959)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686959/; classtype:trojan-activity;sid:84550059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686962)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686962/; classtype:trojan-activity;sid:84550062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686949)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686949/; classtype:trojan-activity;sid:84550049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686945)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686945/; classtype:trojan-activity;sid:84550045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686942)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686942/; classtype:trojan-activity;sid:84550042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686940)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686940/; classtype:trojan-activity;sid:84550040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686941)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686941/; classtype:trojan-activity;sid:84550041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686931)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686931/; classtype:trojan-activity;sid:84550031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686932)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686932/; classtype:trojan-activity;sid:84550032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686933)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686933/; classtype:trojan-activity;sid:84550033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686934)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686934/; classtype:trojan-activity;sid:84550034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686935)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686935/; classtype:trojan-activity;sid:84550035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686936)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686936/; classtype:trojan-activity;sid:84550036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686937)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686937/; classtype:trojan-activity;sid:84550037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686939)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686939/; classtype:trojan-activity;sid:84550039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686928)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686928/; classtype:trojan-activity;sid:84550028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686927)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686927/; classtype:trojan-activity;sid:84550027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686917)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686917/; classtype:trojan-activity;sid:84550017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686919)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686919/; classtype:trojan-activity;sid:84550019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686921)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686921/; classtype:trojan-activity;sid:84550021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686922)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686922/; classtype:trojan-activity;sid:84550022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686923)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686923/; classtype:trojan-activity;sid:84550023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686924)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686924/; classtype:trojan-activity;sid:84550024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686925)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686925/; classtype:trojan-activity;sid:84550025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686926)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686926/; classtype:trojan-activity;sid:84550026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686897)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686897/; classtype:trojan-activity;sid:84549997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686898)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686898/; classtype:trojan-activity;sid:84549998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686899)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686899/; classtype:trojan-activity;sid:84549999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686900)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686900/; classtype:trojan-activity;sid:84550000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686901)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686901/; classtype:trojan-activity;sid:84550001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686902)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686902/; classtype:trojan-activity;sid:84550002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686904)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686904/; classtype:trojan-activity;sid:84550004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686906)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686906/; classtype:trojan-activity;sid:84550006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686909)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686909/; classtype:trojan-activity;sid:84550009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686910)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686910/; classtype:trojan-activity;sid:84550010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686912)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686912/; classtype:trojan-activity;sid:84550012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686913)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686913/; classtype:trojan-activity;sid:84550013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686914)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686914/; classtype:trojan-activity;sid:84550014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686915)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686915/; classtype:trojan-activity;sid:84550015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686896)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686896/; classtype:trojan-activity;sid:84549996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686895)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686895/; classtype:trojan-activity;sid:84549995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686893)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686893/; classtype:trojan-activity;sid:84549993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686890)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686890/; classtype:trojan-activity;sid:84549990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686891)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686891/; classtype:trojan-activity;sid:84549991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686892)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686892/; classtype:trojan-activity;sid:84549992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686889)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686889/; classtype:trojan-activity;sid:84549989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686877)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686877/; classtype:trojan-activity;sid:84549977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686872)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686872/; classtype:trojan-activity;sid:84549972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686873)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686873/; classtype:trojan-activity;sid:84549973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686874)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686874/; classtype:trojan-activity;sid:84549974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686875)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686875/; classtype:trojan-activity;sid:84549975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686876)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686876/; classtype:trojan-activity;sid:84549976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686868)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686868/; classtype:trojan-activity;sid:84549968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686861)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686861/; classtype:trojan-activity;sid:84549961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686862)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686862/; classtype:trojan-activity;sid:84549962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686865)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686865/; classtype:trojan-activity;sid:84549965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686866)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686866/; classtype:trojan-activity;sid:84549966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686867)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686867/; classtype:trojan-activity;sid:84549967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686857)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686857/; classtype:trojan-activity;sid:84549957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686858)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686858/; classtype:trojan-activity;sid:84549958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686859)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686859/; classtype:trojan-activity;sid:84549959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686860)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686860/; classtype:trojan-activity;sid:84549960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686846)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686846/; classtype:trojan-activity;sid:84549946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686847)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686847/; classtype:trojan-activity;sid:84549947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686848)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686848/; classtype:trojan-activity;sid:84549948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686849)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686849/; classtype:trojan-activity;sid:84549949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686850)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686850/; classtype:trojan-activity;sid:84549950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686851)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686851/; classtype:trojan-activity;sid:84549951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686852)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686852/; classtype:trojan-activity;sid:84549952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686853)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686853/; classtype:trojan-activity;sid:84549953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686854)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686854/; classtype:trojan-activity;sid:84549954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686855)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686855/; classtype:trojan-activity;sid:84549955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686856)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686856/; classtype:trojan-activity;sid:84549956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686842)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686842/; classtype:trojan-activity;sid:84549942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686843)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686843/; classtype:trojan-activity;sid:84549943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686844)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686844/; classtype:trojan-activity;sid:84549944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686845)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686845/; classtype:trojan-activity;sid:84549945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686840)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686840/; classtype:trojan-activity;sid:84549940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686841)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686841/; classtype:trojan-activity;sid:84549941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686829)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686829/; classtype:trojan-activity;sid:84549929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686830)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686830/; classtype:trojan-activity;sid:84549930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686831)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686831/; classtype:trojan-activity;sid:84549931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686832)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686832/; classtype:trojan-activity;sid:84549932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686833)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686833/; classtype:trojan-activity;sid:84549933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686834)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686834/; classtype:trojan-activity;sid:84549934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686835)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686835/; classtype:trojan-activity;sid:84549935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686836)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686836/; classtype:trojan-activity;sid:84549936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686837)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686837/; classtype:trojan-activity;sid:84549937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686838)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686838/; classtype:trojan-activity;sid:84549938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686839)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686839/; classtype:trojan-activity;sid:84549939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686814)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686814/; classtype:trojan-activity;sid:84549914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686815)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686815/; classtype:trojan-activity;sid:84549915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686816)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686816/; classtype:trojan-activity;sid:84549916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686817)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686817/; classtype:trojan-activity;sid:84549917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686818)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686818/; classtype:trojan-activity;sid:84549918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686819)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686819/; classtype:trojan-activity;sid:84549919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686820)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686820/; classtype:trojan-activity;sid:84549920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686821)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686821/; classtype:trojan-activity;sid:84549921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686822)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686822/; classtype:trojan-activity;sid:84549922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686823)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686823/; classtype:trojan-activity;sid:84549923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686824)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686824/; classtype:trojan-activity;sid:84549924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686825)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686825/; classtype:trojan-activity;sid:84549925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686826)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686826/; classtype:trojan-activity;sid:84549926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686827)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686827/; classtype:trojan-activity;sid:84549927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686828)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686828/; classtype:trojan-activity;sid:84549928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686813)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686813/; classtype:trojan-activity;sid:84549913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686810)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686810/; classtype:trojan-activity;sid:84549910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686811)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686811/; classtype:trojan-activity;sid:84549911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686812)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686812/; classtype:trojan-activity;sid:84549912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686806)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686806/; classtype:trojan-activity;sid:84549906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686807)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686807/; classtype:trojan-activity;sid:84549907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686808)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686808/; classtype:trojan-activity;sid:84549908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686809)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686809/; classtype:trojan-activity;sid:84549909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686802)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686802/; classtype:trojan-activity;sid:84549902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686803)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686803/; classtype:trojan-activity;sid:84549903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686804)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686804/; classtype:trojan-activity;sid:84549904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686805)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686805/; classtype:trojan-activity;sid:84549905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686795)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686795/; classtype:trojan-activity;sid:84549895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686789)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686789/; classtype:trojan-activity;sid:84549889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686791)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686791/; classtype:trojan-activity;sid:84549891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686792)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686792/; classtype:trojan-activity;sid:84549892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686793)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686793/; classtype:trojan-activity;sid:84549893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686794)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686794/; classtype:trojan-activity;sid:84549894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686787)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686787/; classtype:trojan-activity;sid:84549887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686780)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686780/; classtype:trojan-activity;sid:84549880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686781)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686781/; classtype:trojan-activity;sid:84549881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686782)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686782/; classtype:trojan-activity;sid:84549882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686784)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686784/; classtype:trojan-activity;sid:84549884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686785)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686785/; classtype:trojan-activity;sid:84549885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686778)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686778/; classtype:trojan-activity;sid:84549878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686776)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686776/; classtype:trojan-activity;sid:84549876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686772)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686772/; classtype:trojan-activity;sid:84549872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686773)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686773/; classtype:trojan-activity;sid:84549873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686774)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686774/; classtype:trojan-activity;sid:84549874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686770)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686770/; classtype:trojan-activity;sid:84549870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686739)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686739/; classtype:trojan-activity;sid:84549839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686740)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686740/; classtype:trojan-activity;sid:84549840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686741)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686741/; classtype:trojan-activity;sid:84549841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686742)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686742/; classtype:trojan-activity;sid:84549842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686745)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686745/; classtype:trojan-activity;sid:84549845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686746)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686746/; classtype:trojan-activity;sid:84549846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686748)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686748/; classtype:trojan-activity;sid:84549848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686749)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686749/; classtype:trojan-activity;sid:84549849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686750)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686750/; classtype:trojan-activity;sid:84549850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686751)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686751/; classtype:trojan-activity;sid:84549851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686752)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686752/; classtype:trojan-activity;sid:84549852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686753)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686753/; classtype:trojan-activity;sid:84549853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686756)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686756/; classtype:trojan-activity;sid:84549856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686757)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686757/; classtype:trojan-activity;sid:84549857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686758)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686758/; classtype:trojan-activity;sid:84549858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686759)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686759/; classtype:trojan-activity;sid:84549859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686760)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686760/; classtype:trojan-activity;sid:84549860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686761)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686761/; classtype:trojan-activity;sid:84549861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686762)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686762/; classtype:trojan-activity;sid:84549862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686765)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686765/; classtype:trojan-activity;sid:84549865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686767)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686767/; classtype:trojan-activity;sid:84549867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686768)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686768/; classtype:trojan-activity;sid:84549868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686738)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686738/; classtype:trojan-activity;sid:84549838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686737)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686737/; classtype:trojan-activity;sid:84549837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686732)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686732/; classtype:trojan-activity;sid:84549832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686730)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686730/; classtype:trojan-activity;sid:84549830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686731)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686731/; classtype:trojan-activity;sid:84549831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686726)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686726/; classtype:trojan-activity;sid:84549826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686727)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686727/; classtype:trojan-activity;sid:84549827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686728)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686728/; classtype:trojan-activity;sid:84549828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686718)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686718/; classtype:trojan-activity;sid:84549818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686719)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686719/; classtype:trojan-activity;sid:84549819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686720)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686720/; classtype:trojan-activity;sid:84549820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686721)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686721/; classtype:trojan-activity;sid:84549821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686722)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686722/; classtype:trojan-activity;sid:84549822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686723)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686723/; classtype:trojan-activity;sid:84549823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686724)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686724/; classtype:trojan-activity;sid:84549824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686725)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686725/; classtype:trojan-activity;sid:84549825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686717)"; flow:established,from_client; content:"GET"; http_method; content:"/nonrendition.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"162.241.70.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686717/; classtype:trojan-activity;sid:84549817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.53.25.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686574/; classtype:trojan-activity;sid:84549674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.167.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686568/; classtype:trojan-activity;sid:84549668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686397/; classtype:trojan-activity;sid:84549497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686380)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.uhavenobotsxd"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686380/; classtype:trojan-activity;sid:84549480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686381)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.uhavenobotsxd"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686381/; classtype:trojan-activity;sid:84549481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686382)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.uhavenobotsxd"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686382/; classtype:trojan-activity;sid:84549482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686383)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.uhavenobotsxd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686383/; classtype:trojan-activity;sid:84549483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686384)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.uhavenobotsxd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686384/; classtype:trojan-activity;sid:84549484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686385)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.uhavenobotsxd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686385/; classtype:trojan-activity;sid:84549485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686386)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.uhavenobotsxd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686386/; classtype:trojan-activity;sid:84549486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686326)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.20.93.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686326/; classtype:trojan-activity;sid:84549426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.166.85.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686286/; classtype:trojan-activity;sid:84549386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686281/; classtype:trojan-activity;sid:84549381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.35.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686277/; classtype:trojan-activity;sid:84549377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686254)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686254/; classtype:trojan-activity;sid:84549354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686248)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686248/; classtype:trojan-activity;sid:84549348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686249)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686249/; classtype:trojan-activity;sid:84549349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686250)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686250/; classtype:trojan-activity;sid:84549350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686252)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686252/; classtype:trojan-activity;sid:84549352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686245)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686245/; classtype:trojan-activity;sid:84549345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686243)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686243/; classtype:trojan-activity;sid:84549343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686244)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686244/; classtype:trojan-activity;sid:84549344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686242)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686242/; classtype:trojan-activity;sid:84549342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686228)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686228/; classtype:trojan-activity;sid:84549328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686229)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686229/; classtype:trojan-activity;sid:84549329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686230)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686230/; classtype:trojan-activity;sid:84549330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686231)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686231/; classtype:trojan-activity;sid:84549331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686232)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686232/; classtype:trojan-activity;sid:84549332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686234)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686234/; classtype:trojan-activity;sid:84549334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686236)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686236/; classtype:trojan-activity;sid:84549336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686237)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686237/; classtype:trojan-activity;sid:84549337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686238)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686238/; classtype:trojan-activity;sid:84549338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686239)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686239/; classtype:trojan-activity;sid:84549339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686240)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686240/; classtype:trojan-activity;sid:84549340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686224)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686224/; classtype:trojan-activity;sid:84549324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686225)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686225/; classtype:trojan-activity;sid:84549325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686226)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686226/; classtype:trojan-activity;sid:84549326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686208)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686208/; classtype:trojan-activity;sid:84549308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686209)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686209/; classtype:trojan-activity;sid:84549309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686210)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686210/; classtype:trojan-activity;sid:84549310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686211)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686211/; classtype:trojan-activity;sid:84549311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686212)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686212/; classtype:trojan-activity;sid:84549312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686213)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686213/; classtype:trojan-activity;sid:84549313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686214)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686214/; classtype:trojan-activity;sid:84549314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686215)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686215/; classtype:trojan-activity;sid:84549315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686216)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686216/; classtype:trojan-activity;sid:84549316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686217)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686217/; classtype:trojan-activity;sid:84549317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686218)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686218/; classtype:trojan-activity;sid:84549318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686219)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686219/; classtype:trojan-activity;sid:84549319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686220)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686220/; classtype:trojan-activity;sid:84549320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686221)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686221/; classtype:trojan-activity;sid:84549321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686222)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686222/; classtype:trojan-activity;sid:84549322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686205)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686205/; classtype:trojan-activity;sid:84549305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686206)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686206/; classtype:trojan-activity;sid:84549306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686207)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686207/; classtype:trojan-activity;sid:84549307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686201)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686201/; classtype:trojan-activity;sid:84549301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686202)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686202/; classtype:trojan-activity;sid:84549302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686203)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686203/; classtype:trojan-activity;sid:84549303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686204)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686204/; classtype:trojan-activity;sid:84549304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686197)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686197/; classtype:trojan-activity;sid:84549297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686198)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686198/; classtype:trojan-activity;sid:84549298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686199)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686199/; classtype:trojan-activity;sid:84549299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686200)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686200/; classtype:trojan-activity;sid:84549300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686193)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686193/; classtype:trojan-activity;sid:84549293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686194)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686194/; classtype:trojan-activity;sid:84549294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686195)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686195/; classtype:trojan-activity;sid:84549295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686196)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686196/; classtype:trojan-activity;sid:84549296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686185)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686185/; classtype:trojan-activity;sid:84549285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686186)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686186/; classtype:trojan-activity;sid:84549286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686188)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686188/; classtype:trojan-activity;sid:84549288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686189)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686189/; classtype:trojan-activity;sid:84549289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686190)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686190/; classtype:trojan-activity;sid:84549290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686191)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686191/; classtype:trojan-activity;sid:84549291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686192)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686192/; classtype:trojan-activity;sid:84549292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686180)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686180/; classtype:trojan-activity;sid:84549280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686181)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686181/; classtype:trojan-activity;sid:84549281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686182)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686182/; classtype:trojan-activity;sid:84549282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686183)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686183/; classtype:trojan-activity;sid:84549283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686184)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686184/; classtype:trojan-activity;sid:84549284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686176)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686176/; classtype:trojan-activity;sid:84549276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686177)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686177/; classtype:trojan-activity;sid:84549277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686178)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686178/; classtype:trojan-activity;sid:84549278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686179)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686179/; classtype:trojan-activity;sid:84549279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686171)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686171/; classtype:trojan-activity;sid:84549271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686172)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686172/; classtype:trojan-activity;sid:84549272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686173)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686173/; classtype:trojan-activity;sid:84549273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686174)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686174/; classtype:trojan-activity;sid:84549274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686167)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686167/; classtype:trojan-activity;sid:84549267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686168)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686168/; classtype:trojan-activity;sid:84549268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686169)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686169/; classtype:trojan-activity;sid:84549269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686170)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686170/; classtype:trojan-activity;sid:84549270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686156)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686156/; classtype:trojan-activity;sid:84549256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686158)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686158/; classtype:trojan-activity;sid:84549258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686159)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686159/; classtype:trojan-activity;sid:84549259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686160)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686160/; classtype:trojan-activity;sid:84549260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686161)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686161/; classtype:trojan-activity;sid:84549261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686162)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686162/; classtype:trojan-activity;sid:84549262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686163)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686163/; classtype:trojan-activity;sid:84549263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686165)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686165/; classtype:trojan-activity;sid:84549265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686166)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686166/; classtype:trojan-activity;sid:84549266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686152)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686152/; classtype:trojan-activity;sid:84549252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686153)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686153/; classtype:trojan-activity;sid:84549253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686154)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686154/; classtype:trojan-activity;sid:84549254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686155)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686155/; classtype:trojan-activity;sid:84549255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686148)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686148/; classtype:trojan-activity;sid:84549248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686149)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686149/; classtype:trojan-activity;sid:84549249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686150)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686150/; classtype:trojan-activity;sid:84549250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686151)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686151/; classtype:trojan-activity;sid:84549251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686144)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686144/; classtype:trojan-activity;sid:84549244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686145)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686145/; classtype:trojan-activity;sid:84549245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686146)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686146/; classtype:trojan-activity;sid:84549246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686147)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686147/; classtype:trojan-activity;sid:84549247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686136)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686136/; classtype:trojan-activity;sid:84549236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686137)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686137/; classtype:trojan-activity;sid:84549237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686138)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686138/; classtype:trojan-activity;sid:84549238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686139)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686139/; classtype:trojan-activity;sid:84549239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686140)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686140/; classtype:trojan-activity;sid:84549240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686142)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686142/; classtype:trojan-activity;sid:84549242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686143)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686143/; classtype:trojan-activity;sid:84549243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686122)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686122/; classtype:trojan-activity;sid:84549222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686123)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686123/; classtype:trojan-activity;sid:84549223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686124)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686124/; classtype:trojan-activity;sid:84549224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686125)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686125/; classtype:trojan-activity;sid:84549225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686126)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686126/; classtype:trojan-activity;sid:84549226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686127)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686127/; classtype:trojan-activity;sid:84549227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686129)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686129/; classtype:trojan-activity;sid:84549229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686130)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686130/; classtype:trojan-activity;sid:84549230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686131)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686131/; classtype:trojan-activity;sid:84549231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686132)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686132/; classtype:trojan-activity;sid:84549232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686133)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686133/; classtype:trojan-activity;sid:84549233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686134)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686134/; classtype:trojan-activity;sid:84549234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686117)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686117/; classtype:trojan-activity;sid:84549217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686119)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686119/; classtype:trojan-activity;sid:84549219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686120)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686120/; classtype:trojan-activity;sid:84549220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686113)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686113/; classtype:trojan-activity;sid:84549213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686114)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686114/; classtype:trojan-activity;sid:84549214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686115)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686115/; classtype:trojan-activity;sid:84549215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686116)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686116/; classtype:trojan-activity;sid:84549216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686109)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686109/; classtype:trojan-activity;sid:84549209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686110)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686110/; classtype:trojan-activity;sid:84549210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686111)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686111/; classtype:trojan-activity;sid:84549211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686107)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686107/; classtype:trojan-activity;sid:84549207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686108)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686108/; classtype:trojan-activity;sid:84549208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686096)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686096/; classtype:trojan-activity;sid:84549196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686097)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686097/; classtype:trojan-activity;sid:84549197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686098)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686098/; classtype:trojan-activity;sid:84549198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686099)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686099/; classtype:trojan-activity;sid:84549199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686101)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686101/; classtype:trojan-activity;sid:84549201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686102)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686102/; classtype:trojan-activity;sid:84549202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686103)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686103/; classtype:trojan-activity;sid:84549203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686105)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686105/; classtype:trojan-activity;sid:84549205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686106)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686106/; classtype:trojan-activity;sid:84549206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686087)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686087/; classtype:trojan-activity;sid:84549187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686088)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686088/; classtype:trojan-activity;sid:84549188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686090)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686090/; classtype:trojan-activity;sid:84549190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686091)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686091/; classtype:trojan-activity;sid:84549191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686092)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686092/; classtype:trojan-activity;sid:84549192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686093)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686093/; classtype:trojan-activity;sid:84549193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686094)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686094/; classtype:trojan-activity;sid:84549194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686095)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686095/; classtype:trojan-activity;sid:84549195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686086)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686086/; classtype:trojan-activity;sid:84549186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686082)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686082/; classtype:trojan-activity;sid:84549182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686083)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686083/; classtype:trojan-activity;sid:84549183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686084)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686084/; classtype:trojan-activity;sid:84549184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686085)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686085/; classtype:trojan-activity;sid:84549185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686073)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686073/; classtype:trojan-activity;sid:84549173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686074)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686074/; classtype:trojan-activity;sid:84549174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686075)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686075/; classtype:trojan-activity;sid:84549175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686076)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686076/; classtype:trojan-activity;sid:84549176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686077)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686077/; classtype:trojan-activity;sid:84549177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686078)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686078/; classtype:trojan-activity;sid:84549178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686079)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686079/; classtype:trojan-activity;sid:84549179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686081)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686081/; classtype:trojan-activity;sid:84549181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686069)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686069/; classtype:trojan-activity;sid:84549169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686070)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686070/; classtype:trojan-activity;sid:84549170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686071)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686071/; classtype:trojan-activity;sid:84549171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686072)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686072/; classtype:trojan-activity;sid:84549172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686064)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686064/; classtype:trojan-activity;sid:84549164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686065)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686065/; classtype:trojan-activity;sid:84549165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686066)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686066/; classtype:trojan-activity;sid:84549166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686067)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686067/; classtype:trojan-activity;sid:84549167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686068)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686068/; classtype:trojan-activity;sid:84549168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686057)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686057/; classtype:trojan-activity;sid:84549157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686058)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686058/; classtype:trojan-activity;sid:84549158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686059)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686059/; classtype:trojan-activity;sid:84549159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686060)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686060/; classtype:trojan-activity;sid:84549160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686061)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686061/; classtype:trojan-activity;sid:84549161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686062)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686062/; classtype:trojan-activity;sid:84549162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686056)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686056/; classtype:trojan-activity;sid:84549156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686055)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686055/; classtype:trojan-activity;sid:84549155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686049)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686049/; classtype:trojan-activity;sid:84549149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686050)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686050/; classtype:trojan-activity;sid:84549150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686051)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686051/; classtype:trojan-activity;sid:84549151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686052)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686052/; classtype:trojan-activity;sid:84549152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686053)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686053/; classtype:trojan-activity;sid:84549153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686054)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686054/; classtype:trojan-activity;sid:84549154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686039)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686039/; classtype:trojan-activity;sid:84549139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686040)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686040/; classtype:trojan-activity;sid:84549140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686041)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686041/; classtype:trojan-activity;sid:84549141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686042)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686042/; classtype:trojan-activity;sid:84549142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686043)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686043/; classtype:trojan-activity;sid:84549143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686044)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686044/; classtype:trojan-activity;sid:84549144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686045)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686045/; classtype:trojan-activity;sid:84549145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686047)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686047/; classtype:trojan-activity;sid:84549147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686048)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686048/; classtype:trojan-activity;sid:84549148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686027)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686027/; classtype:trojan-activity;sid:84549127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686028)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686028/; classtype:trojan-activity;sid:84549128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686029)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686029/; classtype:trojan-activity;sid:84549129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686030)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686030/; classtype:trojan-activity;sid:84549130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686031)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686031/; classtype:trojan-activity;sid:84549131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686032)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686032/; classtype:trojan-activity;sid:84549132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686033)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686033/; classtype:trojan-activity;sid:84549133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686034)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686034/; classtype:trojan-activity;sid:84549134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686035)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686035/; classtype:trojan-activity;sid:84549135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686036)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686036/; classtype:trojan-activity;sid:84549136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686037)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686037/; classtype:trojan-activity;sid:84549137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686024)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686024/; classtype:trojan-activity;sid:84549124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686025)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686025/; classtype:trojan-activity;sid:84549125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686026)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686026/; classtype:trojan-activity;sid:84549126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686023)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686023/; classtype:trojan-activity;sid:84549123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686022)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686022/; classtype:trojan-activity;sid:84549122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686021)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686021/; classtype:trojan-activity;sid:84549121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686018)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686018/; classtype:trojan-activity;sid:84549118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686019)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686019/; classtype:trojan-activity;sid:84549119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686006)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686006/; classtype:trojan-activity;sid:84549106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686007)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686007/; classtype:trojan-activity;sid:84549107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686008)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686008/; classtype:trojan-activity;sid:84549108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686009)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686009/; classtype:trojan-activity;sid:84549109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686010)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686010/; classtype:trojan-activity;sid:84549110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686011)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686011/; classtype:trojan-activity;sid:84549111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686012)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686012/; classtype:trojan-activity;sid:84549112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686013)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686013/; classtype:trojan-activity;sid:84549113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686014)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686014/; classtype:trojan-activity;sid:84549114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686015)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686015/; classtype:trojan-activity;sid:84549115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686016)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686016/; classtype:trojan-activity;sid:84549116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685997)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685997/; classtype:trojan-activity;sid:84549097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685998)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685998/; classtype:trojan-activity;sid:84549098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685999)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685999/; classtype:trojan-activity;sid:84549099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686000)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686000/; classtype:trojan-activity;sid:84549100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686001)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686001/; classtype:trojan-activity;sid:84549101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686002)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686002/; classtype:trojan-activity;sid:84549102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686003)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686003/; classtype:trojan-activity;sid:84549103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686004)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686004/; classtype:trojan-activity;sid:84549104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686005)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686005/; classtype:trojan-activity;sid:84549105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685995)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685995/; classtype:trojan-activity;sid:84549095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685996)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685996/; classtype:trojan-activity;sid:84549096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685992)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685992/; classtype:trojan-activity;sid:84549092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685994)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685994/; classtype:trojan-activity;sid:84549094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685991)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685991/; classtype:trojan-activity;sid:84549091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685990)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685990/; classtype:trojan-activity;sid:84549090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685985)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685985/; classtype:trojan-activity;sid:84549085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685986)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685986/; classtype:trojan-activity;sid:84549086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685987)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685987/; classtype:trojan-activity;sid:84549087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685988)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685988/; classtype:trojan-activity;sid:84549088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685969)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685969/; classtype:trojan-activity;sid:84549069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685970)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685970/; classtype:trojan-activity;sid:84549070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685971)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685971/; classtype:trojan-activity;sid:84549071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685972)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685972/; classtype:trojan-activity;sid:84549072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685973)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685973/; classtype:trojan-activity;sid:84549073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685975)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685975/; classtype:trojan-activity;sid:84549075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685977)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685977/; classtype:trojan-activity;sid:84549077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685978)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685978/; classtype:trojan-activity;sid:84549078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685979)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685979/; classtype:trojan-activity;sid:84549079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685980)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685980/; classtype:trojan-activity;sid:84549080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685981)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685981/; classtype:trojan-activity;sid:84549081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685964)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685964/; classtype:trojan-activity;sid:84549064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685965)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685965/; classtype:trojan-activity;sid:84549065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685967)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685967/; classtype:trojan-activity;sid:84549067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685968)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685968/; classtype:trojan-activity;sid:84549068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685963)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685963/; classtype:trojan-activity;sid:84549063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685961)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685961/; classtype:trojan-activity;sid:84549061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685962)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685962/; classtype:trojan-activity;sid:84549062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685955)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685955/; classtype:trojan-activity;sid:84549055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685956)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685956/; classtype:trojan-activity;sid:84549056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685957)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685957/; classtype:trojan-activity;sid:84549057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685958)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685958/; classtype:trojan-activity;sid:84549058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685959)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685959/; classtype:trojan-activity;sid:84549059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685952)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685952/; classtype:trojan-activity;sid:84549052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685953)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685953/; classtype:trojan-activity;sid:84549053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685954)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685954/; classtype:trojan-activity;sid:84549054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685948)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685948/; classtype:trojan-activity;sid:84549048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685949)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685949/; classtype:trojan-activity;sid:84549049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685950)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685950/; classtype:trojan-activity;sid:84549050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685951)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685951/; classtype:trojan-activity;sid:84549051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685938)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685938/; classtype:trojan-activity;sid:84549038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685939)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685939/; classtype:trojan-activity;sid:84549039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685940)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685940/; classtype:trojan-activity;sid:84549040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685941)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685941/; classtype:trojan-activity;sid:84549041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685942)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685942/; classtype:trojan-activity;sid:84549042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685943)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685943/; classtype:trojan-activity;sid:84549043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685944)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685944/; classtype:trojan-activity;sid:84549044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685945)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685945/; classtype:trojan-activity;sid:84549045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685946)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685946/; classtype:trojan-activity;sid:84549046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685947)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685947/; classtype:trojan-activity;sid:84549047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685933)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685933/; classtype:trojan-activity;sid:84549033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685934)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685934/; classtype:trojan-activity;sid:84549034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685935)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685935/; classtype:trojan-activity;sid:84549035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685936)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685936/; classtype:trojan-activity;sid:84549036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685937)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685937/; classtype:trojan-activity;sid:84549037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685925)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685925/; classtype:trojan-activity;sid:84549025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685926)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685926/; classtype:trojan-activity;sid:84549026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685927)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685927/; classtype:trojan-activity;sid:84549027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685928)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685928/; classtype:trojan-activity;sid:84549028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685929)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685929/; classtype:trojan-activity;sid:84549029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685930)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685930/; classtype:trojan-activity;sid:84549030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685931)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685931/; classtype:trojan-activity;sid:84549031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685932)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685932/; classtype:trojan-activity;sid:84549032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685917)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685917/; classtype:trojan-activity;sid:84549017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685918)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685918/; classtype:trojan-activity;sid:84549018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685919)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685919/; classtype:trojan-activity;sid:84549019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685920)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685920/; classtype:trojan-activity;sid:84549020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685921)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685921/; classtype:trojan-activity;sid:84549021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685922)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685922/; classtype:trojan-activity;sid:84549022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685924)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685924/; classtype:trojan-activity;sid:84549024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685910)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685910/; classtype:trojan-activity;sid:84549010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685911)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685911/; classtype:trojan-activity;sid:84549011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685912)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685912/; classtype:trojan-activity;sid:84549012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685914)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685914/; classtype:trojan-activity;sid:84549014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685915)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685915/; classtype:trojan-activity;sid:84549015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685916)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685916/; classtype:trojan-activity;sid:84549016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685907)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685907/; classtype:trojan-activity;sid:84549007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685908)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685908/; classtype:trojan-activity;sid:84549008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685909)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685909/; classtype:trojan-activity;sid:84549009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685901)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685901/; classtype:trojan-activity;sid:84549001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685902)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685902/; classtype:trojan-activity;sid:84549002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685905)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685905/; classtype:trojan-activity;sid:84549005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685906)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685906/; classtype:trojan-activity;sid:84549006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685893)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685893/; classtype:trojan-activity;sid:84548993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685894)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685894/; classtype:trojan-activity;sid:84548994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685895)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685895/; classtype:trojan-activity;sid:84548995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685896)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685896/; classtype:trojan-activity;sid:84548996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685897)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685897/; classtype:trojan-activity;sid:84548997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685898)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685898/; classtype:trojan-activity;sid:84548998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685899)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685899/; classtype:trojan-activity;sid:84548999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685900)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685900/; classtype:trojan-activity;sid:84549000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685887)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685887/; classtype:trojan-activity;sid:84548987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685888)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685888/; classtype:trojan-activity;sid:84548988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685889)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685889/; classtype:trojan-activity;sid:84548989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685890)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685890/; classtype:trojan-activity;sid:84548990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685891)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685891/; classtype:trojan-activity;sid:84548991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685892)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685892/; classtype:trojan-activity;sid:84548992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685886)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685886/; classtype:trojan-activity;sid:84548986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685879)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685879/; classtype:trojan-activity;sid:84548979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685881)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685881/; classtype:trojan-activity;sid:84548981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685882)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685882/; classtype:trojan-activity;sid:84548982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685884)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685884/; classtype:trojan-activity;sid:84548984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685885)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685885/; classtype:trojan-activity;sid:84548985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685877)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685877/; classtype:trojan-activity;sid:84548977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685878)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685878/; classtype:trojan-activity;sid:84548978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685867)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685867/; classtype:trojan-activity;sid:84548967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685868)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685868/; classtype:trojan-activity;sid:84548968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685869)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685869/; classtype:trojan-activity;sid:84548969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685870)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685870/; classtype:trojan-activity;sid:84548970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685871)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685871/; classtype:trojan-activity;sid:84548971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685872)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685872/; classtype:trojan-activity;sid:84548972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685873)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685873/; classtype:trojan-activity;sid:84548973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685874)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685874/; classtype:trojan-activity;sid:84548974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685875)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685875/; classtype:trojan-activity;sid:84548975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685876)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685876/; classtype:trojan-activity;sid:84548976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685863)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685863/; classtype:trojan-activity;sid:84548963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685864)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685864/; classtype:trojan-activity;sid:84548964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685865)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685865/; classtype:trojan-activity;sid:84548965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685866)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685866/; classtype:trojan-activity;sid:84548966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685861)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685861/; classtype:trojan-activity;sid:84548961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685862)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685862/; classtype:trojan-activity;sid:84548962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685852)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685852/; classtype:trojan-activity;sid:84548952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685853)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685853/; classtype:trojan-activity;sid:84548953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685854)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685854/; classtype:trojan-activity;sid:84548954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685855)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685855/; classtype:trojan-activity;sid:84548955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685857)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685857/; classtype:trojan-activity;sid:84548957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685858)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685858/; classtype:trojan-activity;sid:84548958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685859)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685859/; classtype:trojan-activity;sid:84548959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685860)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685860/; classtype:trojan-activity;sid:84548960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685847)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685847/; classtype:trojan-activity;sid:84548947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685848)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685848/; classtype:trojan-activity;sid:84548948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685849)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685849/; classtype:trojan-activity;sid:84548949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685850)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685850/; classtype:trojan-activity;sid:84548950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685851)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685851/; classtype:trojan-activity;sid:84548951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685837)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685837/; classtype:trojan-activity;sid:84548937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685838)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685838/; classtype:trojan-activity;sid:84548938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685839)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685839/; classtype:trojan-activity;sid:84548939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685840)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685840/; classtype:trojan-activity;sid:84548940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685841)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685841/; classtype:trojan-activity;sid:84548941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685842)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685842/; classtype:trojan-activity;sid:84548942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685843)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685843/; classtype:trojan-activity;sid:84548943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685844)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685844/; classtype:trojan-activity;sid:84548944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685845)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685845/; classtype:trojan-activity;sid:84548945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685830)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685830/; classtype:trojan-activity;sid:84548930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685831)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685831/; classtype:trojan-activity;sid:84548931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685832)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685832/; classtype:trojan-activity;sid:84548932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685833)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685833/; classtype:trojan-activity;sid:84548933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685834)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685834/; classtype:trojan-activity;sid:84548934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685835)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685835/; classtype:trojan-activity;sid:84548935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685836)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685836/; classtype:trojan-activity;sid:84548936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685827)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685827/; classtype:trojan-activity;sid:84548927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685828)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685828/; classtype:trojan-activity;sid:84548928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685829)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685829/; classtype:trojan-activity;sid:84548929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685825)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685825/; classtype:trojan-activity;sid:84548925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685826)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685826/; classtype:trojan-activity;sid:84548926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685813)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685813/; classtype:trojan-activity;sid:84548913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685815)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685815/; classtype:trojan-activity;sid:84548915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685816)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685816/; classtype:trojan-activity;sid:84548916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685817)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685817/; classtype:trojan-activity;sid:84548917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685818)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685818/; classtype:trojan-activity;sid:84548918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685819)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685819/; classtype:trojan-activity;sid:84548919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685820)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685820/; classtype:trojan-activity;sid:84548920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685821)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685821/; classtype:trojan-activity;sid:84548921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685822)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685822/; classtype:trojan-activity;sid:84548922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685805)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685805/; classtype:trojan-activity;sid:84548905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685806)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685806/; classtype:trojan-activity;sid:84548906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685807)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685807/; classtype:trojan-activity;sid:84548907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685808)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685808/; classtype:trojan-activity;sid:84548908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685809)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685809/; classtype:trojan-activity;sid:84548909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685810)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685810/; classtype:trojan-activity;sid:84548910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685811)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685811/; classtype:trojan-activity;sid:84548911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685812)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685812/; classtype:trojan-activity;sid:84548912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685798)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685798/; classtype:trojan-activity;sid:84548898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685799)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685799/; classtype:trojan-activity;sid:84548899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685800)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685800/; classtype:trojan-activity;sid:84548900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685801)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685801/; classtype:trojan-activity;sid:84548901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685797)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685797/; classtype:trojan-activity;sid:84548897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685792)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685792/; classtype:trojan-activity;sid:84548892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685793)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685793/; classtype:trojan-activity;sid:84548893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685794)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685794/; classtype:trojan-activity;sid:84548894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685795)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685795/; classtype:trojan-activity;sid:84548895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685796)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685796/; classtype:trojan-activity;sid:84548896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685786)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685786/; classtype:trojan-activity;sid:84548886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685787)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685787/; classtype:trojan-activity;sid:84548887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685788)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685788/; classtype:trojan-activity;sid:84548888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685789)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685789/; classtype:trojan-activity;sid:84548889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685790)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685790/; classtype:trojan-activity;sid:84548890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685791)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685791/; classtype:trojan-activity;sid:84548891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685779)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685779/; classtype:trojan-activity;sid:84548879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685780)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685780/; classtype:trojan-activity;sid:84548880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685781)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685781/; classtype:trojan-activity;sid:84548881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685782)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685782/; classtype:trojan-activity;sid:84548882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685783)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685783/; classtype:trojan-activity;sid:84548883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685784)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685784/; classtype:trojan-activity;sid:84548884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685785)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685785/; classtype:trojan-activity;sid:84548885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685776)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685776/; classtype:trojan-activity;sid:84548876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685777)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685777/; classtype:trojan-activity;sid:84548877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685778)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685778/; classtype:trojan-activity;sid:84548878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685767)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685767/; classtype:trojan-activity;sid:84548867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685768)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685768/; classtype:trojan-activity;sid:84548868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685770)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685770/; classtype:trojan-activity;sid:84548870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685771)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685771/; classtype:trojan-activity;sid:84548871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685772)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685772/; classtype:trojan-activity;sid:84548872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685773)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685773/; classtype:trojan-activity;sid:84548873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685774)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685774/; classtype:trojan-activity;sid:84548874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685775)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685775/; classtype:trojan-activity;sid:84548875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685757)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685757/; classtype:trojan-activity;sid:84548857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685759)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685759/; classtype:trojan-activity;sid:84548859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685760)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685760/; classtype:trojan-activity;sid:84548860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685761)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685761/; classtype:trojan-activity;sid:84548861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685762)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685762/; classtype:trojan-activity;sid:84548862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685763)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685763/; classtype:trojan-activity;sid:84548863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685765)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685765/; classtype:trojan-activity;sid:84548865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685766)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685766/; classtype:trojan-activity;sid:84548866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685753)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685753/; classtype:trojan-activity;sid:84548853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685754)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685754/; classtype:trojan-activity;sid:84548854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685755)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685755/; classtype:trojan-activity;sid:84548855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685756)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685756/; classtype:trojan-activity;sid:84548856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685751)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685751/; classtype:trojan-activity;sid:84548851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685752)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685752/; classtype:trojan-activity;sid:84548852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685749)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685749/; classtype:trojan-activity;sid:84548849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685731)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685731/; classtype:trojan-activity;sid:84548831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685732)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685732/; classtype:trojan-activity;sid:84548832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685733)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685733/; classtype:trojan-activity;sid:84548833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685735)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685735/; classtype:trojan-activity;sid:84548835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685736)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685736/; classtype:trojan-activity;sid:84548836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685737)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685737/; classtype:trojan-activity;sid:84548837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685738)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685738/; classtype:trojan-activity;sid:84548838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685739)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685739/; classtype:trojan-activity;sid:84548839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685743)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685743/; classtype:trojan-activity;sid:84548843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685744)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685744/; classtype:trojan-activity;sid:84548844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685746)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685746/; classtype:trojan-activity;sid:84548846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685747)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685747/; classtype:trojan-activity;sid:84548847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685748)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685748/; classtype:trojan-activity;sid:84548848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685721)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685721/; classtype:trojan-activity;sid:84548821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685722)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685722/; classtype:trojan-activity;sid:84548822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685723)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685723/; classtype:trojan-activity;sid:84548823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685724)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685724/; classtype:trojan-activity;sid:84548824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685725)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685725/; classtype:trojan-activity;sid:84548825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685726)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685726/; classtype:trojan-activity;sid:84548826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685727)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685727/; classtype:trojan-activity;sid:84548827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685728)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685728/; classtype:trojan-activity;sid:84548828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685729)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685729/; classtype:trojan-activity;sid:84548829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685730)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685730/; classtype:trojan-activity;sid:84548830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685716)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685716/; classtype:trojan-activity;sid:84548816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685717)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685717/; classtype:trojan-activity;sid:84548817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685718)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685718/; classtype:trojan-activity;sid:84548818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685719)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685719/; classtype:trojan-activity;sid:84548819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685720)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685720/; classtype:trojan-activity;sid:84548820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685713)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685713/; classtype:trojan-activity;sid:84548813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685714)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685714/; classtype:trojan-activity;sid:84548814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685715)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685715/; classtype:trojan-activity;sid:84548815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.146.224.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685653/; classtype:trojan-activity;sid:84548753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.19.233.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685654/; classtype:trojan-activity;sid:84548754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.156.24.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685652/; classtype:trojan-activity;sid:84548752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.178.226.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685645/; classtype:trojan-activity;sid:84548745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685495/; classtype:trojan-activity;sid:84548595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.124.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685381/; classtype:trojan-activity;sid:84548481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685360)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685360/; classtype:trojan-activity;sid:84548460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685347)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685347/; classtype:trojan-activity;sid:84548447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685348)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685348/; classtype:trojan-activity;sid:84548448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685340)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685340/; classtype:trojan-activity;sid:84548440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685341)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685341/; classtype:trojan-activity;sid:84548441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685337)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685337/; classtype:trojan-activity;sid:84548437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685338)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685338/; classtype:trojan-activity;sid:84548438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685334)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685334/; classtype:trojan-activity;sid:84548434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.132.225.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685332/; classtype:trojan-activity;sid:84548432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685327)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685327/; classtype:trojan-activity;sid:84548427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685320)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685320/; classtype:trojan-activity;sid:84548420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685321)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685321/; classtype:trojan-activity;sid:84548421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685322)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685322/; classtype:trojan-activity;sid:84548422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685323)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685323/; classtype:trojan-activity;sid:84548423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685325)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685325/; classtype:trojan-activity;sid:84548425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685326)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685326/; classtype:trojan-activity;sid:84548426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685312)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685312/; classtype:trojan-activity;sid:84548412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685313)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685313/; classtype:trojan-activity;sid:84548413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685314)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685314/; classtype:trojan-activity;sid:84548414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685315)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685315/; classtype:trojan-activity;sid:84548415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685316)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685316/; classtype:trojan-activity;sid:84548416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685317)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685317/; classtype:trojan-activity;sid:84548417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685303)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685303/; classtype:trojan-activity;sid:84548403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685304)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685304/; classtype:trojan-activity;sid:84548404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685308)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685308/; classtype:trojan-activity;sid:84548408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685310)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685310/; classtype:trojan-activity;sid:84548410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685311)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685311/; classtype:trojan-activity;sid:84548411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.124.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685147/; classtype:trojan-activity;sid:84548247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.34.61.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685139/; classtype:trojan-activity;sid:84548239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.34.61.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685135/; classtype:trojan-activity;sid:84548235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.167.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685116/; classtype:trojan-activity;sid:84548216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685103)"; flow:established,from_client; content:"GET"; http_method; content:"/wget_telnet.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3685103/; classtype:trojan-activity;sid:84548203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.17.42.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684900/; classtype:trojan-activity;sid:84548000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.111.3.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684903/; classtype:trojan-activity;sid:84548003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684843/; classtype:trojan-activity;sid:84547943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684806)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"khoancatbetong89.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684806/; classtype:trojan-activity;sid:84547906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684798)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684798/; classtype:trojan-activity;sid:84547898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684799)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684799/; classtype:trojan-activity;sid:84547899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684800)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684800/; classtype:trojan-activity;sid:84547900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684801)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684801/; classtype:trojan-activity;sid:84547901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684795)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684795/; classtype:trojan-activity;sid:84547895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684787)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684787/; classtype:trojan-activity;sid:84547887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684789)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684789/; classtype:trojan-activity;sid:84547889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684790)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684790/; classtype:trojan-activity;sid:84547890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684791)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684791/; classtype:trojan-activity;sid:84547891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684793)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684793/; classtype:trojan-activity;sid:84547893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684794)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684794/; classtype:trojan-activity;sid:84547894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684782/; classtype:trojan-activity;sid:84547882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684751)"; flow:established,from_client; content:"GET"; http_method; content:"/90/cvd3dd0ok0s0/sdo09ewsdf023jfkjsdxc0vxc90sd9f3f9df90cxv9x0vsfjsdkfj090xc00sfsd399sdf00xcv0xv0e90w.doc"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"23.95.117.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684751/; classtype:trojan-activity;sid:84547851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684749)"; flow:established,from_client; content:"GET"; http_method; content:"/90/cvd3dd0ok0s0/sdo09ewsdf023jfkjsdxc0vxc90sd9f3f9df90cxv9x0vsfjsdkfj090xc00sfsd399sdf00xcv0xv0e90w.doc"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"23.95.117.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684749/; classtype:trojan-activity;sid:84547849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684691/; classtype:trojan-activity;sid:84547791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684656/; classtype:trojan-activity;sid:84547756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684652)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251022232849.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684652/; classtype:trojan-activity;sid:84547752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684468)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684468/; classtype:trojan-activity;sid:84547568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684465)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684465/; classtype:trojan-activity;sid:84547565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684466)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684466/; classtype:trojan-activity;sid:84547566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684467)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684467/; classtype:trojan-activity;sid:84547567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684462)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684462/; classtype:trojan-activity;sid:84547562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684463)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684463/; classtype:trojan-activity;sid:84547563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684464)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684464/; classtype:trojan-activity;sid:84547564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684457)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684457/; classtype:trojan-activity;sid:84547557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684458)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684458/; classtype:trojan-activity;sid:84547558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684459)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684459/; classtype:trojan-activity;sid:84547559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684460)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684460/; classtype:trojan-activity;sid:84547560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684461)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684461/; classtype:trojan-activity;sid:84547561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684454)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684454/; classtype:trojan-activity;sid:84547554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684455)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684455/; classtype:trojan-activity;sid:84547555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684456)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684456/; classtype:trojan-activity;sid:84547556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684360)"; flow:established,from_client; content:"GET"; http_method; content:"/898xylbd/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.140.182.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684360/; classtype:trojan-activity;sid:84547460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684356)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684356/; classtype:trojan-activity;sid:84547456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684355)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684355/; classtype:trojan-activity;sid:84547455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684352)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684352/; classtype:trojan-activity;sid:84547452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684353)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684353/; classtype:trojan-activity;sid:84547453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684354)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684354/; classtype:trojan-activity;sid:84547454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684347)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684347/; classtype:trojan-activity;sid:84547447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684348)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684348/; classtype:trojan-activity;sid:84547448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684349)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684349/; classtype:trojan-activity;sid:84547449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684350)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684350/; classtype:trojan-activity;sid:84547450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684351)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684351/; classtype:trojan-activity;sid:84547451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684345)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684345/; classtype:trojan-activity;sid:84547445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684346)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684346/; classtype:trojan-activity;sid:84547446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684319)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684319/; classtype:trojan-activity;sid:84547419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684318)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684318/; classtype:trojan-activity;sid:84547418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684317)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684317/; classtype:trojan-activity;sid:84547417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684316)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684316/; classtype:trojan-activity;sid:84547416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684315)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684315/; classtype:trojan-activity;sid:84547415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684313)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684313/; classtype:trojan-activity;sid:84547413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684314)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684314/; classtype:trojan-activity;sid:84547414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684310)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684310/; classtype:trojan-activity;sid:84547410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684311)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684311/; classtype:trojan-activity;sid:84547411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684312)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684312/; classtype:trojan-activity;sid:84547412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684308)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684308/; classtype:trojan-activity;sid:84547408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684309)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684309/; classtype:trojan-activity;sid:84547409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684274)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684274/; classtype:trojan-activity;sid:84547374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684275)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684275/; classtype:trojan-activity;sid:84547375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684263)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684263/; classtype:trojan-activity;sid:84547363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684258)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684258/; classtype:trojan-activity;sid:84547358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684259)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684259/; classtype:trojan-activity;sid:84547359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684260)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684260/; classtype:trojan-activity;sid:84547360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684261)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684261/; classtype:trojan-activity;sid:84547361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684262)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684262/; classtype:trojan-activity;sid:84547362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684255)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684255/; classtype:trojan-activity;sid:84547355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684256)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684256/; classtype:trojan-activity;sid:84547356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684257)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684257/; classtype:trojan-activity;sid:84547357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684253)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684253/; classtype:trojan-activity;sid:84547353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684254)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684254/; classtype:trojan-activity;sid:84547354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684250)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684250/; classtype:trojan-activity;sid:84547350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684251)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684251/; classtype:trojan-activity;sid:84547351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684252)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684252/; classtype:trojan-activity;sid:84547352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3684164/; classtype:trojan-activity;sid:84547264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684008)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.214.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3684008/; classtype:trojan-activity;sid:84547108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683994)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.195.65.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683994/; classtype:trojan-activity;sid:84547094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683996)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.70.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683996/; classtype:trojan-activity;sid:84547096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683997)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.97.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683997/; classtype:trojan-activity;sid:84547097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.63.137.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683987/; classtype:trojan-activity;sid:84547087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.94.86.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683983/; classtype:trojan-activity;sid:84547083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683975/; classtype:trojan-activity;sid:84547075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.155.92.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683969/; classtype:trojan-activity;sid:84547069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683958/; classtype:trojan-activity;sid:84547058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.143.225.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683949/; classtype:trojan-activity;sid:84547049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683956/; classtype:trojan-activity;sid:84547056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.97.108.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683939/; classtype:trojan-activity;sid:84547039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683907)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/gl0ygtd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683907/; classtype:trojan-activity;sid:84547007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683856/; classtype:trojan-activity;sid:84546956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683787/; classtype:trojan-activity;sid:84546887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683723)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683723/; classtype:trojan-activity;sid:84546823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683665)"; flow:established,from_client; content:"GET"; http_method; content:"/cmsjj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"globaltechbilling.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683665/; classtype:trojan-activity;sid:84546765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683567)"; flow:established,from_client; content:"GET"; http_method; content:"/onastroll-2000f5n/5vcye/releases/download/v1.2/launcher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683567/; classtype:trojan-activity;sid:84546667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683554)"; flow:established,from_client; content:"GET"; http_method; content:"/sl/x"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.201.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683554/; classtype:trojan-activity;sid:84546654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683557)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/wormb.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683557/; classtype:trojan-activity;sid:84546657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683558)"; flow:established,from_client; content:"GET"; http_method; content:"/sl/y"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.201.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683558/; classtype:trojan-activity;sid:84546658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683457/; classtype:trojan-activity;sid:84546557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683253)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w64|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683253/; classtype:trojan-activity;sid:84546353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683254)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w32|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683254/; classtype:trojan-activity;sid:84546354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683250)"; flow:established,from_client; content:"GET"; http_method; content:"/swt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683250/; classtype:trojan-activity;sid:84546350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683215)"; flow:established,from_client; content:"GET"; http_method; content:"/1/items.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.249.192.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683215/; classtype:trojan-activity;sid:84546315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683212)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.120.89.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683212/; classtype:trojan-activity;sid:84546312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683070)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683070/; classtype:trojan-activity;sid:84546170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683052)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683052/; classtype:trojan-activity;sid:84546152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683053)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683053/; classtype:trojan-activity;sid:84546153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683054)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683054/; classtype:trojan-activity;sid:84546154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683055)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683055/; classtype:trojan-activity;sid:84546155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683056)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683056/; classtype:trojan-activity;sid:84546156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683057)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683057/; classtype:trojan-activity;sid:84546157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683063)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683063/; classtype:trojan-activity;sid:84546163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683050)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683050/; classtype:trojan-activity;sid:84546150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683049)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683049/; classtype:trojan-activity;sid:84546149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683048)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683048/; classtype:trojan-activity;sid:84546148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683026)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683026/; classtype:trojan-activity;sid:84546126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683029)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683029/; classtype:trojan-activity;sid:84546129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683030)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683030/; classtype:trojan-activity;sid:84546130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683033)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683033/; classtype:trojan-activity;sid:84546133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683034)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683034/; classtype:trojan-activity;sid:84546134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683035)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683035/; classtype:trojan-activity;sid:84546135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683036)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683036/; classtype:trojan-activity;sid:84546136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683038)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683038/; classtype:trojan-activity;sid:84546138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683041)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683041/; classtype:trojan-activity;sid:84546141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683044)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683044/; classtype:trojan-activity;sid:84546144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683010)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683010/; classtype:trojan-activity;sid:84546110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683011)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683011/; classtype:trojan-activity;sid:84546111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683012)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683012/; classtype:trojan-activity;sid:84546112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683013)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683013/; classtype:trojan-activity;sid:84546113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683014)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683014/; classtype:trojan-activity;sid:84546114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683015)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683015/; classtype:trojan-activity;sid:84546115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683016)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683016/; classtype:trojan-activity;sid:84546116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683017)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683017/; classtype:trojan-activity;sid:84546117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683018)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683018/; classtype:trojan-activity;sid:84546118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683019)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683019/; classtype:trojan-activity;sid:84546119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683020)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683020/; classtype:trojan-activity;sid:84546120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683021)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683021/; classtype:trojan-activity;sid:84546121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683022)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683022/; classtype:trojan-activity;sid:84546122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683023)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683023/; classtype:trojan-activity;sid:84546123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683024)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683024/; classtype:trojan-activity;sid:84546124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683025)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683025/; classtype:trojan-activity;sid:84546125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683009)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683009/; classtype:trojan-activity;sid:84546109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683008)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683008/; classtype:trojan-activity;sid:84546108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683005)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683005/; classtype:trojan-activity;sid:84546105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683006)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683006/; classtype:trojan-activity;sid:84546106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683007)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683007/; classtype:trojan-activity;sid:84546107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683004)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683004/; classtype:trojan-activity;sid:84546104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683002)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683002/; classtype:trojan-activity;sid:84546102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682998)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682998/; classtype:trojan-activity;sid:84546098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682999)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682999/; classtype:trojan-activity;sid:84546099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683000)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683000/; classtype:trojan-activity;sid:84546100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682997)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682997/; classtype:trojan-activity;sid:84546097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682988)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682988/; classtype:trojan-activity;sid:84546088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682989)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682989/; classtype:trojan-activity;sid:84546089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682990)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682990/; classtype:trojan-activity;sid:84546090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682991)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682991/; classtype:trojan-activity;sid:84546091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682992)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682992/; classtype:trojan-activity;sid:84546092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682993)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682993/; classtype:trojan-activity;sid:84546093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682994)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682994/; classtype:trojan-activity;sid:84546094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682995)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682995/; classtype:trojan-activity;sid:84546095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682996)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682996/; classtype:trojan-activity;sid:84546096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682985)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682985/; classtype:trojan-activity;sid:84546085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682986)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682986/; classtype:trojan-activity;sid:84546086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682987)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682987/; classtype:trojan-activity;sid:84546087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682750)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kmro/kkdi99ew0cv03jdjfsdhj400df04sdxcv0we03220dcxvjs9f930sxcvj322jjsdf0sdf0sfxc0f032jdkfs.hta"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"23.95.117.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682750/; classtype:trojan-activity;sid:84545850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.49.158.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682508/; classtype:trojan-activity;sid:84545608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.49.158.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682497/; classtype:trojan-activity;sid:84545597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682343)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kkn/sd99w090xcvjijsei000sdf09w0ef0cdf3iiuif920fs0f0sdf032fisidufiu0v0x9v090diudfg00909dfg00df.hta"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"23.95.117.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682343/; classtype:trojan-activity;sid:84545443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682337)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fnewdll.txt|3f|alt=media|7c|26|7c|token=2a7619df-4ea7-43d3-9c6e-b74be01ff67f"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682337/; classtype:trojan-activity;sid:84545437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682321)"; flow:established,from_client; content:"GET"; http_method; content:"/download/wp4055032-l-wallpapers_with_b64/wp4055032-l-wallpapers_with_b64.jpg"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682321/; classtype:trojan-activity;sid:84545421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682316)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682316/; classtype:trojan-activity;sid:84545416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682317)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682317/; classtype:trojan-activity;sid:84545417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682271)"; flow:established,from_client; content:"GET"; http_method; content:"/5/items/msi-pro-with-b-64_20251015_1424/msi_pro_with_b64.png"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"ia801000.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682271/; classtype:trojan-activity;sid:84545371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682083)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost46quasarlightbuz/musical-palm-tree/releases/download/asas/launcher.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682083/; classtype:trojan-activity;sid:84545183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682073)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682073/; classtype:trojan-activity;sid:84545173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682070)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682070/; classtype:trojan-activity;sid:84545170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682071)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682071/; classtype:trojan-activity;sid:84545171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682072)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682072/; classtype:trojan-activity;sid:84545172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682064)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682064/; classtype:trojan-activity;sid:84545164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682056)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682056/; classtype:trojan-activity;sid:84545156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682057)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682057/; classtype:trojan-activity;sid:84545157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682058)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682058/; classtype:trojan-activity;sid:84545158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682059)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682059/; classtype:trojan-activity;sid:84545159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682060)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682060/; classtype:trojan-activity;sid:84545160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682061)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682061/; classtype:trojan-activity;sid:84545161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682048)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682048/; classtype:trojan-activity;sid:84545148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682049)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682049/; classtype:trojan-activity;sid:84545149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682050)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682050/; classtype:trojan-activity;sid:84545150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682051)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682051/; classtype:trojan-activity;sid:84545151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682052)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682052/; classtype:trojan-activity;sid:84545152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682053)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682053/; classtype:trojan-activity;sid:84545153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682054)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682054/; classtype:trojan-activity;sid:84545154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682055)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682055/; classtype:trojan-activity;sid:84545155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682042)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682042/; classtype:trojan-activity;sid:84545142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681991/; classtype:trojan-activity;sid:84545091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681982/; classtype:trojan-activity;sid:84545082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681757/; classtype:trojan-activity;sid:84544857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681361)"; flow:established,from_client; content:"GET"; http_method; content:"/toot"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681361/; classtype:trojan-activity;sid:84544461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681345)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681345/; classtype:trojan-activity;sid:84544445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681337)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681337/; classtype:trojan-activity;sid:84544437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681338)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681338/; classtype:trojan-activity;sid:84544438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681262)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681262/; classtype:trojan-activity;sid:84544362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.132.225.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681153/; classtype:trojan-activity;sid:84544253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681053)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.77.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681053/; classtype:trojan-activity;sid:84544153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681054)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"68.64.176.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681054/; classtype:trojan-activity;sid:84544154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681048)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681048/; classtype:trojan-activity;sid:84544148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681049)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.229.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681049/; classtype:trojan-activity;sid:84544149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681042)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.201.74.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681042/; classtype:trojan-activity;sid:84544142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681043)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.201.74.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681043/; classtype:trojan-activity;sid:84544143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681044)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681044/; classtype:trojan-activity;sid:84544144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681045)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.242.12.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681045/; classtype:trojan-activity;sid:84544145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681047)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.229.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681047/; classtype:trojan-activity;sid:84544147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.170.215.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681035/; classtype:trojan-activity;sid:84544135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.251.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681032/; classtype:trojan-activity;sid:84544132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681031)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.226.220.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681031/; classtype:trojan-activity;sid:84544131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.90.248.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681019/; classtype:trojan-activity;sid:84544119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.210.37.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681011/; classtype:trojan-activity;sid:84544111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.84.181.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681010/; classtype:trojan-activity;sid:84544110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680431)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost46quasarlightbuz/y8wmk/releases/download/dowz/cryptoalpha.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680431/; classtype:trojan-activity;sid:84543531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680429)"; flow:established,from_client; content:"GET"; http_method; content:"/checker/1.pdb"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lh24h7tp-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680429/; classtype:trojan-activity;sid:84543529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680421)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/policy.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680421/; classtype:trojan-activity;sid:84543521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680422)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/terms-of-use.js"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680422/; classtype:trojan-activity;sid:84543522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680424)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/minere.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680424/; classtype:trojan-activity;sid:84543524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680426)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/rules.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680426/; classtype:trojan-activity;sid:84543526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680427)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/license.js"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680427/; classtype:trojan-activity;sid:84543527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680408)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680408/; classtype:trojan-activity;sid:84543508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680409)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680409/; classtype:trojan-activity;sid:84543509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680410)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680410/; classtype:trojan-activity;sid:84543510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680411)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680411/; classtype:trojan-activity;sid:84543511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680412)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkmpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680412/; classtype:trojan-activity;sid:84543512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680413)"; flow:established,from_client; content:"GET"; http_method; content:"/nshkarm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680413/; classtype:trojan-activity;sid:84543513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680322)"; flow:established,from_client; content:"GET"; http_method; content:"/new/x64-setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680322/; classtype:trojan-activity;sid:84543422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680291)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/cred64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680291/; classtype:trojan-activity;sid:84543391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680288)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/vnc.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680288/; classtype:trojan-activity;sid:84543388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680289)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/clip64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680289/; classtype:trojan-activity;sid:84543389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680290)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/clip.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680290/; classtype:trojan-activity;sid:84543390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680287)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680287/; classtype:trojan-activity;sid:84543387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680264)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680264/; classtype:trojan-activity;sid:84543364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680262)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680262/; classtype:trojan-activity;sid:84543362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680256)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680256/; classtype:trojan-activity;sid:84543356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680248)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680248/; classtype:trojan-activity;sid:84543348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680249)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680249/; classtype:trojan-activity;sid:84543349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680250)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680250/; classtype:trojan-activity;sid:84543350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679915/; classtype:trojan-activity;sid:84543015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679911)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679911/; classtype:trojan-activity;sid:84543011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679909)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679909/; classtype:trojan-activity;sid:84543009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679775)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office/rules.js"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679775/; classtype:trojan-activity;sid:84542875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679755/; classtype:trojan-activity;sid:84542855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679637)"; flow:established,from_client; content:"GET"; http_method; content:"/injector.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679637/; classtype:trojan-activity;sid:84542737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679537/; classtype:trojan-activity;sid:84542637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.139.62.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679484/; classtype:trojan-activity;sid:84542584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.90.248.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679304/; classtype:trojan-activity;sid:84542404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679261)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2frodita%20pe.txt|3f|alt=media|7c|26|7c|token=4d0ef261-f77d-400f-952d-34c41ee8d7f5"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679261/; classtype:trojan-activity;sid:84542361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679262)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fdllroda.txt|3f|alt=media|7c|26|7c|token=8b9a573d-2052-4ffd-963f-6d1e2e01398c"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679262/; classtype:trojan-activity;sid:84542362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679256)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/wormb.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679256/; classtype:trojan-activity;sid:84542356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679158)"; flow:established,from_client; content:"GET"; http_method; content:"/notepad.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679158/; classtype:trojan-activity;sid:84542258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679148)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpoint.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"igw.myfirewall.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679148/; classtype:trojan-activity;sid:84542248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679147)"; flow:established,from_client; content:"GET"; http_method; content:"/words.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igw.myfirewall.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679147/; classtype:trojan-activity;sid:84542247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679132)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679132/; classtype:trojan-activity;sid:84542232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.139.62.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679015/; classtype:trojan-activity;sid:84542115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678940)"; flow:established,from_client; content:"GET"; http_method; content:"/prefiction.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.sgeseducation.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678940/; classtype:trojan-activity;sid:84542040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678938)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.226.8.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678938/; classtype:trojan-activity;sid:84542038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678926/; classtype:trojan-activity;sid:84542026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678923/; classtype:trojan-activity;sid:84542023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678912)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.145.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678912/; classtype:trojan-activity;sid:84542012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678879)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678879/; classtype:trojan-activity;sid:84541979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678877)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678877/; classtype:trojan-activity;sid:84541977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678878)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678878/; classtype:trojan-activity;sid:84541978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678876)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678876/; classtype:trojan-activity;sid:84541976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678875)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678875/; classtype:trojan-activity;sid:84541975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678874)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678874/; classtype:trojan-activity;sid:84541974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678872)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678872/; classtype:trojan-activity;sid:84541972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678873)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678873/; classtype:trojan-activity;sid:84541973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678870)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678870/; classtype:trojan-activity;sid:84541970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678871)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678871/; classtype:trojan-activity;sid:84541971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678868)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678868/; classtype:trojan-activity;sid:84541968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678857)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678857/; classtype:trojan-activity;sid:84541957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678785)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251014233438.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678785/; classtype:trojan-activity;sid:84541885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678611)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251012232701.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678611/; classtype:trojan-activity;sid:84541711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678512/; classtype:trojan-activity;sid:84541612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678230)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678230/; classtype:trojan-activity;sid:84541330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678227)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678227/; classtype:trojan-activity;sid:84541327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678228)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678228/; classtype:trojan-activity;sid:84541328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678213)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678213/; classtype:trojan-activity;sid:84541313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678214/; classtype:trojan-activity;sid:84541314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678215)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678215/; classtype:trojan-activity;sid:84541315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678216)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678216/; classtype:trojan-activity;sid:84541316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678217)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678217/; classtype:trojan-activity;sid:84541317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678218)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678218/; classtype:trojan-activity;sid:84541318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678219/; classtype:trojan-activity;sid:84541319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678220/; classtype:trojan-activity;sid:84541320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678221)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678221/; classtype:trojan-activity;sid:84541321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678222/; classtype:trojan-activity;sid:84541322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678223)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678223/; classtype:trojan-activity;sid:84541323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678224)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678224/; classtype:trojan-activity;sid:84541324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678225/; classtype:trojan-activity;sid:84541325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678208)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678208/; classtype:trojan-activity;sid:84541308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678209/; classtype:trojan-activity;sid:84541309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678210/; classtype:trojan-activity;sid:84541310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678211/; classtype:trojan-activity;sid:84541311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678212)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678212/; classtype:trojan-activity;sid:84541312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678204)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678204/; classtype:trojan-activity;sid:84541304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678206)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678206/; classtype:trojan-activity;sid:84541306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678207)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678207/; classtype:trojan-activity;sid:84541307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678197/; classtype:trojan-activity;sid:84541297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678198)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678198/; classtype:trojan-activity;sid:84541298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678199)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678199/; classtype:trojan-activity;sid:84541299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678200)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678200/; classtype:trojan-activity;sid:84541300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678201)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678201/; classtype:trojan-activity;sid:84541301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678203)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678203/; classtype:trojan-activity;sid:84541303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678193)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678193/; classtype:trojan-activity;sid:84541293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678194/; classtype:trojan-activity;sid:84541294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678195)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678195/; classtype:trojan-activity;sid:84541295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678196)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678196/; classtype:trojan-activity;sid:84541296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678190)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678190/; classtype:trojan-activity;sid:84541290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678191/; classtype:trojan-activity;sid:84541291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678192)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678192/; classtype:trojan-activity;sid:84541292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678188)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678188/; classtype:trojan-activity;sid:84541288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678189)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678189/; classtype:trojan-activity;sid:84541289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678177)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678177/; classtype:trojan-activity;sid:84541277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678178)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678178/; classtype:trojan-activity;sid:84541278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678179/; classtype:trojan-activity;sid:84541279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678181)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678181/; classtype:trojan-activity;sid:84541281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678182)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678182/; classtype:trojan-activity;sid:84541282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678183)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678183/; classtype:trojan-activity;sid:84541283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678184)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678184/; classtype:trojan-activity;sid:84541284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678185/; classtype:trojan-activity;sid:84541285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678186/; classtype:trojan-activity;sid:84541286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678187)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678187/; classtype:trojan-activity;sid:84541287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678176)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678176/; classtype:trojan-activity;sid:84541276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678175/; classtype:trojan-activity;sid:84541275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678167/; classtype:trojan-activity;sid:84541267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678168/; classtype:trojan-activity;sid:84541268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678169)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678169/; classtype:trojan-activity;sid:84541269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678170)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678170/; classtype:trojan-activity;sid:84541270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678171/; classtype:trojan-activity;sid:84541271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678172/; classtype:trojan-activity;sid:84541272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678173)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678173/; classtype:trojan-activity;sid:84541273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678022)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678022/; classtype:trojan-activity;sid:84541122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.234.234.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678015/; classtype:trojan-activity;sid:84541115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678013/; classtype:trojan-activity;sid:84541113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.238.207.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678011/; classtype:trojan-activity;sid:84541111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678006)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678006/; classtype:trojan-activity;sid:84541106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.25.123.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677999/; classtype:trojan-activity;sid:84541099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677995)"; flow:established,from_client; content:"GET"; http_method; content:"/rad.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677995/; classtype:trojan-activity;sid:84541095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677993)"; flow:established,from_client; content:"GET"; http_method; content:"/clp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677993/; classtype:trojan-activity;sid:84541093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677967/; classtype:trojan-activity;sid:84541067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677717/; classtype:trojan-activity;sid:84540817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677635/; classtype:trojan-activity;sid:84540735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677625/; classtype:trojan-activity;sid:84540725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677626/; classtype:trojan-activity;sid:84540726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677627/; classtype:trojan-activity;sid:84540727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677628/; classtype:trojan-activity;sid:84540728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677629/; classtype:trojan-activity;sid:84540729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677630/; classtype:trojan-activity;sid:84540730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677631/; classtype:trojan-activity;sid:84540731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677632/; classtype:trojan-activity;sid:84540732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677633/; classtype:trojan-activity;sid:84540733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.49.29.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677634/; classtype:trojan-activity;sid:84540734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677546)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677546/; classtype:trojan-activity;sid:84540646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677521/; classtype:trojan-activity;sid:84540621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677512)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677512/; classtype:trojan-activity;sid:84540612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677510)"; flow:established,from_client; content:"GET"; http_method; content:"/sm"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677510/; classtype:trojan-activity;sid:84540610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677509)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677509/; classtype:trojan-activity;sid:84540609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677457)"; flow:established,from_client; content:"GET"; http_method; content:"/lil"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677457/; classtype:trojan-activity;sid:84540557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677453)"; flow:established,from_client; content:"GET"; http_method; content:"/dv"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677453/; classtype:trojan-activity;sid:84540553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677444)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677444/; classtype:trojan-activity;sid:84540544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677438)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677438/; classtype:trojan-activity;sid:84540538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677421)"; flow:established,from_client; content:"GET"; http_method; content:"/20231222%e5%bd%b1%e6%8a%80/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677421/; classtype:trojan-activity;sid:84540521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.235.153.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677042/; classtype:trojan-activity;sid:84540142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.235.153.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3677034/; classtype:trojan-activity;sid:84540134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3676945)"; flow:established,from_client; content:"GET"; http_method; content:"/release/xeno%20rat%20server.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.70.228.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3676945/; classtype:trojan-activity;sid:84540045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675744)"; flow:established,from_client; content:"GET"; http_method; content:"/release/stub/xeno%20rat%20client.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"106.70.228.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675744/; classtype:trojan-activity;sid:84538844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3675515)"; flow:established,from_client; content:"GET"; http_method; content:"/mainos.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.70.228.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3675515/; classtype:trojan-activity;sid:84538615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671102)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671102/; classtype:trojan-activity;sid:84534202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671101)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671101/; classtype:trojan-activity;sid:84534201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671043)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.144.133.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671043/; classtype:trojan-activity;sid:84534143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671016)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671016/; classtype:trojan-activity;sid:84534116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671017)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671017/; classtype:trojan-activity;sid:84534117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671018)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671018/; classtype:trojan-activity;sid:84534118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671019)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671019/; classtype:trojan-activity;sid:84534119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671020)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671020/; classtype:trojan-activity;sid:84534120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671021)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671021/; classtype:trojan-activity;sid:84534121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671022)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671022/; classtype:trojan-activity;sid:84534122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671023)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671023/; classtype:trojan-activity;sid:84534123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671012)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671012/; classtype:trojan-activity;sid:84534112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671013)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671013/; classtype:trojan-activity;sid:84534113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671014)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671014/; classtype:trojan-activity;sid:84534114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671015)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671015/; classtype:trojan-activity;sid:84534115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671011)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.241.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671011/; classtype:trojan-activity;sid:84534111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.33.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670907/; classtype:trojan-activity;sid:84534007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670827)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/a5ebkxa.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670827/; classtype:trojan-activity;sid:84533927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670708)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670708/; classtype:trojan-activity;sid:84533808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670704)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670704/; classtype:trojan-activity;sid:84533804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670685)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670685/; classtype:trojan-activity;sid:84533785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670670)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670670/; classtype:trojan-activity;sid:84533770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670626)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670626/; classtype:trojan-activity;sid:84533726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670493)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670493/; classtype:trojan-activity;sid:84533593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670489)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670489/; classtype:trojan-activity;sid:84533589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670490)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670490/; classtype:trojan-activity;sid:84533590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670480)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670480/; classtype:trojan-activity;sid:84533580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670481)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670481/; classtype:trojan-activity;sid:84533581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670482)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670482/; classtype:trojan-activity;sid:84533582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670483)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670483/; classtype:trojan-activity;sid:84533583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670484)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670484/; classtype:trojan-activity;sid:84533584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670453)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670453/; classtype:trojan-activity;sid:84533553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670426)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670426/; classtype:trojan-activity;sid:84533526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670427)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670427/; classtype:trojan-activity;sid:84533527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670428)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670428/; classtype:trojan-activity;sid:84533528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670429)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670429/; classtype:trojan-activity;sid:84533529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670430)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670430/; classtype:trojan-activity;sid:84533530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3670434)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"143.20.185.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3670434/; classtype:trojan-activity;sid:84533534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.183.56.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669940/; classtype:trojan-activity;sid:84533040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669935/; classtype:trojan-activity;sid:84533035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669936)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.143.139.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669936/; classtype:trojan-activity;sid:84533036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669896)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/build.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"serasoo.direct.quickconnect.to"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669896/; classtype:trojan-activity;sid:84532996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669561/; classtype:trojan-activity;sid:84532661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669562/; classtype:trojan-activity;sid:84532662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669563/; classtype:trojan-activity;sid:84532663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669564)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669564/; classtype:trojan-activity;sid:84532664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669559/; classtype:trojan-activity;sid:84532659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669560/; classtype:trojan-activity;sid:84532660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669558/; classtype:trojan-activity;sid:84532658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669553/; classtype:trojan-activity;sid:84532653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669554/; classtype:trojan-activity;sid:84532654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669555/; classtype:trojan-activity;sid:84532655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669556/; classtype:trojan-activity;sid:84532656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ip.nebulabin.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669557/; classtype:trojan-activity;sid:84532657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669225/; classtype:trojan-activity;sid:84532325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669216/; classtype:trojan-activity;sid:84532316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668819/; classtype:trojan-activity;sid:84531919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668794)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.126.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668794/; classtype:trojan-activity;sid:84531894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.141.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668780/; classtype:trojan-activity;sid:84531880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668652)"; flow:established,from_client; content:"GET"; http_method; content:"/bbhclienttools/client_server/bridge.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"oss.bbhcar.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668652/; classtype:trojan-activity;sid:84531752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668647)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-windows-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668647/; classtype:trojan-activity;sid:84531747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"apn-87-251-249-41.static.gprs.plus.pl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668586/; classtype:trojan-activity;sid:84531686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668504)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668504/; classtype:trojan-activity;sid:84531604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668501/; classtype:trojan-activity;sid:84531601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668279/; classtype:trojan-activity;sid:84531379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668203)"; flow:established,from_client; content:"GET"; http_method; content:"/vhvd9ugu8er4rnq.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668203/; classtype:trojan-activity;sid:84531303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668193/; classtype:trojan-activity;sid:84531293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668179)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668179/; classtype:trojan-activity;sid:84531279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668174)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668174/; classtype:trojan-activity;sid:84531274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668175)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668175/; classtype:trojan-activity;sid:84531275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668167)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668167/; classtype:trojan-activity;sid:84531267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668168)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668168/; classtype:trojan-activity;sid:84531268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668169)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668169/; classtype:trojan-activity;sid:84531269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668154)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668154/; classtype:trojan-activity;sid:84531254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668155)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668155/; classtype:trojan-activity;sid:84531255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668157)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668157/; classtype:trojan-activity;sid:84531257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668158)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668158/; classtype:trojan-activity;sid:84531258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668139)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668139/; classtype:trojan-activity;sid:84531239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668142)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668142/; classtype:trojan-activity;sid:84531242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668130)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668130/; classtype:trojan-activity;sid:84531230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668131)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668131/; classtype:trojan-activity;sid:84531231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668112/; classtype:trojan-activity;sid:84531212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668095)"; flow:established,from_client; content:"GET"; http_method; content:"/qudette/2wcwjxtg2340akf/releases/download/loaders/setup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668095/; classtype:trojan-activity;sid:84531195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667750)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667750/; classtype:trojan-activity;sid:84530850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667684)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.150.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667684/; classtype:trojan-activity;sid:84530784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667686)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.48.123.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667686/; classtype:trojan-activity;sid:84530786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667591)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667591/; classtype:trojan-activity;sid:84530691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667589/; classtype:trojan-activity;sid:84530689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667586)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667586/; classtype:trojan-activity;sid:84530686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667588/; classtype:trojan-activity;sid:84530688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667585)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667585/; classtype:trojan-activity;sid:84530685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667584)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667584/; classtype:trojan-activity;sid:84530684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667582)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667582/; classtype:trojan-activity;sid:84530682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667583)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667583/; classtype:trojan-activity;sid:84530683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667569/; classtype:trojan-activity;sid:84530669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667557)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667557/; classtype:trojan-activity;sid:84530657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667555/; classtype:trojan-activity;sid:84530655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667531)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667531/; classtype:trojan-activity;sid:84530631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667532)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667532/; classtype:trojan-activity;sid:84530632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667533/; classtype:trojan-activity;sid:84530633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667534/; classtype:trojan-activity;sid:84530634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667535)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667535/; classtype:trojan-activity;sid:84530635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667536)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667536/; classtype:trojan-activity;sid:84530636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667537/; classtype:trojan-activity;sid:84530637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667538/; classtype:trojan-activity;sid:84530638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667539)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667539/; classtype:trojan-activity;sid:84530639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667540)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667540/; classtype:trojan-activity;sid:84530640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667542/; classtype:trojan-activity;sid:84530642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667543/; classtype:trojan-activity;sid:84530643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667544)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667544/; classtype:trojan-activity;sid:84530644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667545/; classtype:trojan-activity;sid:84530645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667546/; classtype:trojan-activity;sid:84530646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667547)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667547/; classtype:trojan-activity;sid:84530647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667549)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667549/; classtype:trojan-activity;sid:84530649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667551)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667551/; classtype:trojan-activity;sid:84530651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667552)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667552/; classtype:trojan-activity;sid:84530652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667514)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allahvsataturk.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667514/; classtype:trojan-activity;sid:84530614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667239)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251009005738.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667239/; classtype:trojan-activity;sid:84530339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667033/; classtype:trojan-activity;sid:84530133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667002)"; flow:established,from_client; content:"GET"; http_method; content:"/35/items/optimized_msi_20251008_1417/optimized_msi.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"ia601007.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667002/; classtype:trojan-activity;sid:84530102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667000)"; flow:established,from_client; content:"GET"; http_method; content:"/35/items/optimized_msi_20251008_1417/optimized_msi.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"ia601007.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667000/; classtype:trojan-activity;sid:84530100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3666829/; classtype:trojan-activity;sid:84529929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666552)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666552/; classtype:trojan-activity;sid:84529652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.165.215.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666553/; classtype:trojan-activity;sid:84529653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666551/; classtype:trojan-activity;sid:84529651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666550)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666550/; classtype:trojan-activity;sid:84529650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666547)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666547/; classtype:trojan-activity;sid:84529647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666544)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.149.62.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666544/; classtype:trojan-activity;sid:84529644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666202/; classtype:trojan-activity;sid:84529302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666168)"; flow:established,from_client; content:"GET"; http_method; content:"/shost.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.188.91.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666168/; classtype:trojan-activity;sid:84529268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666133/; classtype:trojan-activity;sid:84529233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666131/; classtype:trojan-activity;sid:84529231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666130/; classtype:trojan-activity;sid:84529230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666129/; classtype:trojan-activity;sid:84529229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666128/; classtype:trojan-activity;sid:84529228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666127/; classtype:trojan-activity;sid:84529227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666123/; classtype:trojan-activity;sid:84529223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666124/; classtype:trojan-activity;sid:84529224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666125/; classtype:trojan-activity;sid:84529225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666126/; classtype:trojan-activity;sid:84529226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666121/; classtype:trojan-activity;sid:84529221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666122/; classtype:trojan-activity;sid:84529222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666120/; classtype:trojan-activity;sid:84529220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666118/; classtype:trojan-activity;sid:84529218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666119/; classtype:trojan-activity;sid:84529219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666113/; classtype:trojan-activity;sid:84529213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666114/; classtype:trojan-activity;sid:84529214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666116/; classtype:trojan-activity;sid:84529216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666117/; classtype:trojan-activity;sid:84529217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666110/; classtype:trojan-activity;sid:84529210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666111/; classtype:trojan-activity;sid:84529211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666112/; classtype:trojan-activity;sid:84529212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666105/; classtype:trojan-activity;sid:84529205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666106/; classtype:trojan-activity;sid:84529206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666107/; classtype:trojan-activity;sid:84529207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666108/; classtype:trojan-activity;sid:84529208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666109/; classtype:trojan-activity;sid:84529209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666101/; classtype:trojan-activity;sid:84529201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666102/; classtype:trojan-activity;sid:84529202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666103/; classtype:trojan-activity;sid:84529203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666104/; classtype:trojan-activity;sid:84529204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666095/; classtype:trojan-activity;sid:84529195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666096/; classtype:trojan-activity;sid:84529196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666098/; classtype:trojan-activity;sid:84529198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666099/; classtype:trojan-activity;sid:84529199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666092/; classtype:trojan-activity;sid:84529192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666094/; classtype:trojan-activity;sid:84529194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666090/; classtype:trojan-activity;sid:84529190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666091/; classtype:trojan-activity;sid:84529191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666089/; classtype:trojan-activity;sid:84529189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666084/; classtype:trojan-activity;sid:84529184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666081/; classtype:trojan-activity;sid:84529181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666082/; classtype:trojan-activity;sid:84529182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666083/; classtype:trojan-activity;sid:84529183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666069/; classtype:trojan-activity;sid:84529169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666070/; classtype:trojan-activity;sid:84529170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666071/; classtype:trojan-activity;sid:84529171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666073/; classtype:trojan-activity;sid:84529173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666075/; classtype:trojan-activity;sid:84529175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666076/; classtype:trojan-activity;sid:84529176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666080/; classtype:trojan-activity;sid:84529180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666066/; classtype:trojan-activity;sid:84529166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666065/; classtype:trojan-activity;sid:84529165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666063/; classtype:trojan-activity;sid:84529163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666062/; classtype:trojan-activity;sid:84529162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666061/; classtype:trojan-activity;sid:84529161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666060/; classtype:trojan-activity;sid:84529160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666059/; classtype:trojan-activity;sid:84529159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666058/; classtype:trojan-activity;sid:84529158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666057/; classtype:trojan-activity;sid:84529157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666056/; classtype:trojan-activity;sid:84529156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666053/; classtype:trojan-activity;sid:84529153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666055/; classtype:trojan-activity;sid:84529155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666048/; classtype:trojan-activity;sid:84529148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666049/; classtype:trojan-activity;sid:84529149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666050/; classtype:trojan-activity;sid:84529150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666051/; classtype:trojan-activity;sid:84529151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666052/; classtype:trojan-activity;sid:84529152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666042/; classtype:trojan-activity;sid:84529142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666043/; classtype:trojan-activity;sid:84529143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666044/; classtype:trojan-activity;sid:84529144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666045/; classtype:trojan-activity;sid:84529145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666046/; classtype:trojan-activity;sid:84529146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666047/; classtype:trojan-activity;sid:84529147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666038/; classtype:trojan-activity;sid:84529138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666039/; classtype:trojan-activity;sid:84529139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666041/; classtype:trojan-activity;sid:84529141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666036/; classtype:trojan-activity;sid:84529136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666037/; classtype:trojan-activity;sid:84529137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666033/; classtype:trojan-activity;sid:84529133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666034/; classtype:trojan-activity;sid:84529134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666035/; classtype:trojan-activity;sid:84529135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666032/; classtype:trojan-activity;sid:84529132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666028/; classtype:trojan-activity;sid:84529128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666029/; classtype:trojan-activity;sid:84529129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666030/; classtype:trojan-activity;sid:84529130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666031/; classtype:trojan-activity;sid:84529131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666027/; classtype:trojan-activity;sid:84529127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666026/; classtype:trojan-activity;sid:84529126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666020/; classtype:trojan-activity;sid:84529120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666021/; classtype:trojan-activity;sid:84529121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666022/; classtype:trojan-activity;sid:84529122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666023/; classtype:trojan-activity;sid:84529123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666024/; classtype:trojan-activity;sid:84529124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666025/; classtype:trojan-activity;sid:84529125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666018/; classtype:trojan-activity;sid:84529118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666019/; classtype:trojan-activity;sid:84529119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666015/; classtype:trojan-activity;sid:84529115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666017/; classtype:trojan-activity;sid:84529117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666014/; classtype:trojan-activity;sid:84529114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666013/; classtype:trojan-activity;sid:84529113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.81.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665881/; classtype:trojan-activity;sid:84528981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665853)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665853/; classtype:trojan-activity;sid:84528953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665849)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665849/; classtype:trojan-activity;sid:84528949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665848)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/debug"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665848/; classtype:trojan-activity;sid:84528948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665846)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665846/; classtype:trojan-activity;sid:84528946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665844)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665844/; classtype:trojan-activity;sid:84528944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665843)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665843/; classtype:trojan-activity;sid:84528943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665838)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665838/; classtype:trojan-activity;sid:84528938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665840)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665840/; classtype:trojan-activity;sid:84528940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665823)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665823/; classtype:trojan-activity;sid:84528923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665826)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665826/; classtype:trojan-activity;sid:84528926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665827)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665827/; classtype:trojan-activity;sid:84528927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665830)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665830/; classtype:trojan-activity;sid:84528930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665831)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665831/; classtype:trojan-activity;sid:84528931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665832)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665832/; classtype:trojan-activity;sid:84528932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665822)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"frosty-einstein.45-141-215-196.plesk.page"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665822/; classtype:trojan-activity;sid:84528922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665807)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665807/; classtype:trojan-activity;sid:84528907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665801/; classtype:trojan-activity;sid:84528901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665802)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665802/; classtype:trojan-activity;sid:84528902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665803/; classtype:trojan-activity;sid:84528903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665799/; classtype:trojan-activity;sid:84528899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665798)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.157.110.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665798/; classtype:trojan-activity;sid:84528898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665796/; classtype:trojan-activity;sid:84528896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665788)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665788/; classtype:trojan-activity;sid:84528888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665779)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665779/; classtype:trojan-activity;sid:84528879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665767)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665767/; classtype:trojan-activity;sid:84528867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665758)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.138.28.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665758/; classtype:trojan-activity;sid:84528858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665760)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.91.88.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665760/; classtype:trojan-activity;sid:84528860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665755)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665755/; classtype:trojan-activity;sid:84528855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665749)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.157.110.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665749/; classtype:trojan-activity;sid:84528849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665747)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665747/; classtype:trojan-activity;sid:84528847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665742)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665742/; classtype:trojan-activity;sid:84528842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665733/; classtype:trojan-activity;sid:84528833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665715)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665715/; classtype:trojan-activity;sid:84528815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665712)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665712/; classtype:trojan-activity;sid:84528812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665709)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665709/; classtype:trojan-activity;sid:84528809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665707)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.255.22.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665707/; classtype:trojan-activity;sid:84528807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665703)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665703/; classtype:trojan-activity;sid:84528803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665699/; classtype:trojan-activity;sid:84528799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665700)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.4.52.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665700/; classtype:trojan-activity;sid:84528800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665692)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665692/; classtype:trojan-activity;sid:84528792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665677/; classtype:trojan-activity;sid:84528777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665674)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665674/; classtype:trojan-activity;sid:84528774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665671/; classtype:trojan-activity;sid:84528771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665669)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665669/; classtype:trojan-activity;sid:84528769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665664)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665664/; classtype:trojan-activity;sid:84528764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.144.160.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665662/; classtype:trojan-activity;sid:84528762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665656)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665656/; classtype:trojan-activity;sid:84528756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665646)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/chendesheng/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665646/; classtype:trojan-activity;sid:84528746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665645)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/productcode/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665645/; classtype:trojan-activity;sid:84528745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665643)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/trkjob/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665643/; classtype:trojan-activity;sid:84528743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665644)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665644/; classtype:trojan-activity;sid:84528744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665642)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665642/; classtype:trojan-activity;sid:84528742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665641)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665641/; classtype:trojan-activity;sid:84528741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665640)"; flow:established,from_client; content:"GET"; http_method; content:"/image/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665640/; classtype:trojan-activity;sid:84528740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665639)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665639/; classtype:trojan-activity;sid:84528739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665635)"; flow:established,from_client; content:"GET"; http_method; content:"/check_update_apk/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665635/; classtype:trojan-activity;sid:84528735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665636)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665636/; classtype:trojan-activity;sid:84528736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665637)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/system_web/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665637/; classtype:trojan-activity;sid:84528737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665638)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/wmsentry/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665638/; classtype:trojan-activity;sid:84528738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665634)"; flow:established,from_client; content:"GET"; http_method; content:"/template/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665634/; classtype:trojan-activity;sid:84528734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665633)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665633/; classtype:trojan-activity;sid:84528733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665632)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/system_web/4_0_30319/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665632/; classtype:trojan-activity;sid:84528732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665631)"; flow:established,from_client; content:"GET"; http_method; content:"/barcode/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665631/; classtype:trojan-activity;sid:84528731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665629)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/qdsc/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665629/; classtype:trojan-activity;sid:84528729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665630)"; flow:established,from_client; content:"GET"; http_method; content:"/cfg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665630/; classtype:trojan-activity;sid:84528730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665627)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665627/; classtype:trojan-activity;sid:84528727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665628)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/customercode/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665628/; classtype:trojan-activity;sid:84528728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665626)"; flow:established,from_client; content:"GET"; http_method; content:"/toupdateapk/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665626/; classtype:trojan-activity;sid:84528726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665625)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/cys/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665625/; classtype:trojan-activity;sid:84528725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665624)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/sysreport/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665624/; classtype:trojan-activity;sid:84528724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665622)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/testappicon/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665622/; classtype:trojan-activity;sid:84528722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665623)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/null/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665623/; classtype:trojan-activity;sid:84528723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665621)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665621/; classtype:trojan-activity;sid:84528721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665620)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665620/; classtype:trojan-activity;sid:84528720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665619)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc-testapp-/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665619/; classtype:trojan-activity;sid:84528719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665617)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/maanbang/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665617/; classtype:trojan-activity;sid:84528717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665618)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/test/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665618/; classtype:trojan-activity;sid:84528718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665616)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/liubin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665616/; classtype:trojan-activity;sid:84528716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665615)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/fengzaixing/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665615/; classtype:trojan-activity;sid:84528715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665611)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665611/; classtype:trojan-activity;sid:84528711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665612)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665612/; classtype:trojan-activity;sid:84528712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665613)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665613/; classtype:trojan-activity;sid:84528713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665556)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665556/; classtype:trojan-activity;sid:84528656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665555)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665555/; classtype:trojan-activity;sid:84528655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665548)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665548/; classtype:trojan-activity;sid:84528648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665549)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665549/; classtype:trojan-activity;sid:84528649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665537)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665537/; classtype:trojan-activity;sid:84528637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665539)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665539/; classtype:trojan-activity;sid:84528639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665540)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665540/; classtype:trojan-activity;sid:84528640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665541)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665541/; classtype:trojan-activity;sid:84528641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665542)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665542/; classtype:trojan-activity;sid:84528642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665543)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665543/; classtype:trojan-activity;sid:84528643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665544)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665544/; classtype:trojan-activity;sid:84528644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665545)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665545/; classtype:trojan-activity;sid:84528645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665547)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665547/; classtype:trojan-activity;sid:84528647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665535)"; flow:established,from_client; content:"GET"; http_method; content:"/fuckyou0urlhaus0abuse0ch/labello.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"45.141.215.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665535/; classtype:trojan-activity;sid:84528635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665482)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665482/; classtype:trojan-activity;sid:84528582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665481)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665481/; classtype:trojan-activity;sid:84528581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665480)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665480/; classtype:trojan-activity;sid:84528580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665471)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665471/; classtype:trojan-activity;sid:84528571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665472)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665472/; classtype:trojan-activity;sid:84528572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665473)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665473/; classtype:trojan-activity;sid:84528573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665474)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665474/; classtype:trojan-activity;sid:84528574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665475)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665475/; classtype:trojan-activity;sid:84528575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665476)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665476/; classtype:trojan-activity;sid:84528576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665477)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665477/; classtype:trojan-activity;sid:84528577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665478)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665478/; classtype:trojan-activity;sid:84528578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665479)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665479/; classtype:trojan-activity;sid:84528579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665469)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665469/; classtype:trojan-activity;sid:84528569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665470)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665470/; classtype:trojan-activity;sid:84528570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665463)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665463/; classtype:trojan-activity;sid:84528563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665464)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665464/; classtype:trojan-activity;sid:84528564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665465)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665465/; classtype:trojan-activity;sid:84528565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665466)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665466/; classtype:trojan-activity;sid:84528566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665467)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665467/; classtype:trojan-activity;sid:84528567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665468)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665468/; classtype:trojan-activity;sid:84528568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665460)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665460/; classtype:trojan-activity;sid:84528560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665461)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665461/; classtype:trojan-activity;sid:84528561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665462)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665462/; classtype:trojan-activity;sid:84528562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665455)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665455/; classtype:trojan-activity;sid:84528555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665452)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665452/; classtype:trojan-activity;sid:84528552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665450)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665450/; classtype:trojan-activity;sid:84528550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665451)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665451/; classtype:trojan-activity;sid:84528551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665447)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665447/; classtype:trojan-activity;sid:84528547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665448)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665448/; classtype:trojan-activity;sid:84528548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665449)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665449/; classtype:trojan-activity;sid:84528549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665443)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665443/; classtype:trojan-activity;sid:84528543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665444)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665444/; classtype:trojan-activity;sid:84528544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665445)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.at"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665445/; classtype:trojan-activity;sid:84528545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665446)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"23.94.252.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665446/; classtype:trojan-activity;sid:84528546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.37.228.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665066/; classtype:trojan-activity;sid:84528166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665054)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.73.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665054/; classtype:trojan-activity;sid:84528154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665050)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.73.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665050/; classtype:trojan-activity;sid:84528150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665048)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.73.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665048/; classtype:trojan-activity;sid:84528148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.90.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3665002/; classtype:trojan-activity;sid:84528102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.90.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664984/; classtype:trojan-activity;sid:84528084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664885/; classtype:trojan-activity;sid:84527985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664880)"; flow:established,from_client; content:"GET"; http_method; content:"/public/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664880/; classtype:trojan-activity;sid:84527980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664813)"; flow:established,from_client; content:"GET"; http_method; content:"/28/items/msi-pro-with-b-64_20251007_2240/msi_pro_with_b64.png"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"ia601009.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664813/; classtype:trojan-activity;sid:84527913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662908)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662908/; classtype:trojan-activity;sid:84526008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662886/; classtype:trojan-activity;sid:84525986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662887/; classtype:trojan-activity;sid:84525987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662888)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662888/; classtype:trojan-activity;sid:84525988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.160.26.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662879/; classtype:trojan-activity;sid:84525979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662850)"; flow:established,from_client; content:"GET"; http_method; content:"/afkzspyf66vlcjs.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662850/; classtype:trojan-activity;sid:84525950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662848)"; flow:established,from_client; content:"GET"; http_method; content:"/hmskzgr1vlc14nt.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662848/; classtype:trojan-activity;sid:84525948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662805)"; flow:established,from_client; content:"GET"; http_method; content:"/asmroyal/cd4/releases/download/cd4/cd4.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662805/; classtype:trojan-activity;sid:84525905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662501/; classtype:trojan-activity;sid:84525601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661438)"; flow:established,from_client; content:"GET"; http_method; content:"/fcpgnrwkcjpeojh.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661438/; classtype:trojan-activity;sid:84524538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661435)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1afutsiefohaia02gkfjdbgn-kk91hksb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661435/; classtype:trojan-activity;sid:84524535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661353/; classtype:trojan-activity;sid:84524453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661068)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/javawe.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661068/; classtype:trojan-activity;sid:84524168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661069)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/rate.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661069/; classtype:trojan-activity;sid:84524169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661079)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/arce.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661079/; classtype:trojan-activity;sid:84524179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.222.192.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3660984/; classtype:trojan-activity;sid:84524084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660915/; classtype:trojan-activity;sid:84524015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660738)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660738/; classtype:trojan-activity;sid:84523838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660696)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660696/; classtype:trojan-activity;sid:84523796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660690)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660690/; classtype:trojan-activity;sid:84523790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660688)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660688/; classtype:trojan-activity;sid:84523788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660680)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660680/; classtype:trojan-activity;sid:84523780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660679)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660679/; classtype:trojan-activity;sid:84523779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660677)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660677/; classtype:trojan-activity;sid:84523777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660676)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660676/; classtype:trojan-activity;sid:84523776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660675)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660675/; classtype:trojan-activity;sid:84523775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660674)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660674/; classtype:trojan-activity;sid:84523774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660672)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660672/; classtype:trojan-activity;sid:84523772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660671)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660671/; classtype:trojan-activity;sid:84523771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660670)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660670/; classtype:trojan-activity;sid:84523770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660668)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660668/; classtype:trojan-activity;sid:84523768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660669)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660669/; classtype:trojan-activity;sid:84523769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660665)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660665/; classtype:trojan-activity;sid:84523765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660666)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660666/; classtype:trojan-activity;sid:84523766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660663)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660663/; classtype:trojan-activity;sid:84523763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660664)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660664/; classtype:trojan-activity;sid:84523764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660660)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660660/; classtype:trojan-activity;sid:84523760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660659)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660659/; classtype:trojan-activity;sid:84523759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660657)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660657/; classtype:trojan-activity;sid:84523757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660658)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660658/; classtype:trojan-activity;sid:84523758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660655/; classtype:trojan-activity;sid:84523755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660656)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660656/; classtype:trojan-activity;sid:84523756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660654)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660654/; classtype:trojan-activity;sid:84523754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660652)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660652/; classtype:trojan-activity;sid:84523752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660653)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660653/; classtype:trojan-activity;sid:84523753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660647)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660647/; classtype:trojan-activity;sid:84523747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660648)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660648/; classtype:trojan-activity;sid:84523748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660649)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660649/; classtype:trojan-activity;sid:84523749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660644)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660644/; classtype:trojan-activity;sid:84523744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660642)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660642/; classtype:trojan-activity;sid:84523742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660641)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660641/; classtype:trojan-activity;sid:84523741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660640)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660640/; classtype:trojan-activity;sid:84523740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660639)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660639/; classtype:trojan-activity;sid:84523739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660638)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660638/; classtype:trojan-activity;sid:84523738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660637)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660637/; classtype:trojan-activity;sid:84523737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660636)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660636/; classtype:trojan-activity;sid:84523736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660635)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660635/; classtype:trojan-activity;sid:84523735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660634)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660634/; classtype:trojan-activity;sid:84523734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660633)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660633/; classtype:trojan-activity;sid:84523733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660631)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660631/; classtype:trojan-activity;sid:84523731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660630)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660630/; classtype:trojan-activity;sid:84523730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660629)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660629/; classtype:trojan-activity;sid:84523729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660627)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660627/; classtype:trojan-activity;sid:84523727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660626)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660626/; classtype:trojan-activity;sid:84523726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660625)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660625/; classtype:trojan-activity;sid:84523725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660624)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660624/; classtype:trojan-activity;sid:84523724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660622)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660622/; classtype:trojan-activity;sid:84523722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660623)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660623/; classtype:trojan-activity;sid:84523723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660621)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660621/; classtype:trojan-activity;sid:84523721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660620)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660620/; classtype:trojan-activity;sid:84523720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660619)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660619/; classtype:trojan-activity;sid:84523719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660618)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660618/; classtype:trojan-activity;sid:84523718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660615)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660615/; classtype:trojan-activity;sid:84523715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660616)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660616/; classtype:trojan-activity;sid:84523716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660614)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660614/; classtype:trojan-activity;sid:84523714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660612)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660612/; classtype:trojan-activity;sid:84523712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660613)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660613/; classtype:trojan-activity;sid:84523713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660611)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660611/; classtype:trojan-activity;sid:84523711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660608)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660608/; classtype:trojan-activity;sid:84523708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660607)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660607/; classtype:trojan-activity;sid:84523707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660605)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660605/; classtype:trojan-activity;sid:84523705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660603)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660603/; classtype:trojan-activity;sid:84523703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660600)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660600/; classtype:trojan-activity;sid:84523700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660599)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660599/; classtype:trojan-activity;sid:84523699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660598)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660598/; classtype:trojan-activity;sid:84523698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660596)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660596/; classtype:trojan-activity;sid:84523696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660595)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660595/; classtype:trojan-activity;sid:84523695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660594)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660594/; classtype:trojan-activity;sid:84523694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660592)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660592/; classtype:trojan-activity;sid:84523692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660593)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660593/; classtype:trojan-activity;sid:84523693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660590)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660590/; classtype:trojan-activity;sid:84523690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660591)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660591/; classtype:trojan-activity;sid:84523691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660587)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660587/; classtype:trojan-activity;sid:84523687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660588)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660588/; classtype:trojan-activity;sid:84523688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660589)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660589/; classtype:trojan-activity;sid:84523689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660585)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660585/; classtype:trojan-activity;sid:84523685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660583)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660583/; classtype:trojan-activity;sid:84523683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660584)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660584/; classtype:trojan-activity;sid:84523684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660581)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660581/; classtype:trojan-activity;sid:84523681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660582)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660582/; classtype:trojan-activity;sid:84523682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660579)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660579/; classtype:trojan-activity;sid:84523679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660580)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660580/; classtype:trojan-activity;sid:84523680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660577)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660577/; classtype:trojan-activity;sid:84523677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660575)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660575/; classtype:trojan-activity;sid:84523675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660576)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660576/; classtype:trojan-activity;sid:84523676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660573)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660573/; classtype:trojan-activity;sid:84523673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660574)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660574/; classtype:trojan-activity;sid:84523674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660571)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660571/; classtype:trojan-activity;sid:84523671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660569)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660569/; classtype:trojan-activity;sid:84523669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660570)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660570/; classtype:trojan-activity;sid:84523670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660568)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660568/; classtype:trojan-activity;sid:84523668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660563)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660563/; classtype:trojan-activity;sid:84523663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660564)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660564/; classtype:trojan-activity;sid:84523664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660566)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660566/; classtype:trojan-activity;sid:84523666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660559)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660559/; classtype:trojan-activity;sid:84523659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660560)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660560/; classtype:trojan-activity;sid:84523660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660561)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660561/; classtype:trojan-activity;sid:84523661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660558)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660558/; classtype:trojan-activity;sid:84523658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660552)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660552/; classtype:trojan-activity;sid:84523652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660553)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660553/; classtype:trojan-activity;sid:84523653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660554)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660554/; classtype:trojan-activity;sid:84523654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660555)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660555/; classtype:trojan-activity;sid:84523655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660556)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660556/; classtype:trojan-activity;sid:84523656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660537)"; flow:established,from_client; content:"GET"; http_method; content:"/sxs/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"110.227.197.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660537/; classtype:trojan-activity;sid:84523637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660513)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660513/; classtype:trojan-activity;sid:84523613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660514)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.32.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660514/; classtype:trojan-activity;sid:84523614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660505)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.95.124.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660505/; classtype:trojan-activity;sid:84523605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.19.233.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660502/; classtype:trojan-activity;sid:84523602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.178.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660487/; classtype:trojan-activity;sid:84523587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.10.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660475/; classtype:trojan-activity;sid:84523575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.101.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660465/; classtype:trojan-activity;sid:84523565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660469)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660469/; classtype:trojan-activity;sid:84523569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660460)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660460/; classtype:trojan-activity;sid:84523560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660332)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660332/; classtype:trojan-activity;sid:84523432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660331/; classtype:trojan-activity;sid:84523431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660329)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660329/; classtype:trojan-activity;sid:84523429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660328)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660328/; classtype:trojan-activity;sid:84523428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660327/; classtype:trojan-activity;sid:84523427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660302)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"csk.vietnamddns.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660302/; classtype:trojan-activity;sid:84523402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660300)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"csk.vietnamddns.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660300/; classtype:trojan-activity;sid:84523400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660301)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"csk.vietnamddns.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660301/; classtype:trojan-activity;sid:84523401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660299)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"csk.vietnamddns.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660299/; classtype:trojan-activity;sid:84523399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660290)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660290/; classtype:trojan-activity;sid:84523390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660262)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/situp.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660262/; classtype:trojan-activity;sid:84523362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660260)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/asasa-84500.firebasestorage.app/o/272727.txt|3f|alt=media|7c|26|7c|token=57f3e282-a78f-4c1d-800e-f4d9abfc904b"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660260/; classtype:trojan-activity;sid:84523360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660216)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660216/; classtype:trojan-activity;sid:84523316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660207)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660207/; classtype:trojan-activity;sid:84523307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660199)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660199/; classtype:trojan-activity;sid:84523299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660200)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660200/; classtype:trojan-activity;sid:84523300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660201)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660201/; classtype:trojan-activity;sid:84523301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660202)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660202/; classtype:trojan-activity;sid:84523302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660197)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660197/; classtype:trojan-activity;sid:84523297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660198)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660198/; classtype:trojan-activity;sid:84523298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660188)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660188/; classtype:trojan-activity;sid:84523288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660190)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660190/; classtype:trojan-activity;sid:84523290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660191)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660191/; classtype:trojan-activity;sid:84523291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660192)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660192/; classtype:trojan-activity;sid:84523292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660193)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660193/; classtype:trojan-activity;sid:84523293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660194)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660194/; classtype:trojan-activity;sid:84523294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660195)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660195/; classtype:trojan-activity;sid:84523295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660196)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660196/; classtype:trojan-activity;sid:84523296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660185)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660185/; classtype:trojan-activity;sid:84523285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660180)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660180/; classtype:trojan-activity;sid:84523280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660183)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660183/; classtype:trojan-activity;sid:84523283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660177)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660177/; classtype:trojan-activity;sid:84523277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660167/; classtype:trojan-activity;sid:84523267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660168/; classtype:trojan-activity;sid:84523268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660169/; classtype:trojan-activity;sid:84523269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660170)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660170/; classtype:trojan-activity;sid:84523270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660171)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660171/; classtype:trojan-activity;sid:84523271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660173)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660173/; classtype:trojan-activity;sid:84523273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660164/; classtype:trojan-activity;sid:84523264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660165)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660165/; classtype:trojan-activity;sid:84523265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660166)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660166/; classtype:trojan-activity;sid:84523266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660161/; classtype:trojan-activity;sid:84523261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660162/; classtype:trojan-activity;sid:84523262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660160/; classtype:trojan-activity;sid:84523260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660142)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660142/; classtype:trojan-activity;sid:84523242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660143)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660143/; classtype:trojan-activity;sid:84523243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660144)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660144/; classtype:trojan-activity;sid:84523244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660145)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660145/; classtype:trojan-activity;sid:84523245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660146)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660146/; classtype:trojan-activity;sid:84523246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660147)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660147/; classtype:trojan-activity;sid:84523247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660148)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660148/; classtype:trojan-activity;sid:84523248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660149)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660149/; classtype:trojan-activity;sid:84523249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660150)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660150/; classtype:trojan-activity;sid:84523250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660151)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660151/; classtype:trojan-activity;sid:84523251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660152)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660152/; classtype:trojan-activity;sid:84523252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660153)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660153/; classtype:trojan-activity;sid:84523253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660154/; classtype:trojan-activity;sid:84523254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660155)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660155/; classtype:trojan-activity;sid:84523255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"beesoft.id.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660156/; classtype:trojan-activity;sid:84523256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.beesoft.id.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660159/; classtype:trojan-activity;sid:84523259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660131)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660131/; classtype:trojan-activity;sid:84523231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660132)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660132/; classtype:trojan-activity;sid:84523232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660133)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660133/; classtype:trojan-activity;sid:84523233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660134)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660134/; classtype:trojan-activity;sid:84523234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660135)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660135/; classtype:trojan-activity;sid:84523235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660136)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660136/; classtype:trojan-activity;sid:84523236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660137)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660137/; classtype:trojan-activity;sid:84523237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660138)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660138/; classtype:trojan-activity;sid:84523238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660139)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660139/; classtype:trojan-activity;sid:84523239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660140)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cms.hoangddt.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660140/; classtype:trojan-activity;sid:84523240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmb/wealthyblessedman.txt"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"aerconditionat-arges.ro"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660123/; classtype:trojan-activity;sid:84523223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660116)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/ab23%2fdllskyyyyyyyyyyyyyyy.txt|3f|alt=media|7c|26|7c|token=ba6fc66c-551c-42b7-934c-808e6e48e247"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660116/; classtype:trojan-activity;sid:84523216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659881/; classtype:trojan-activity;sid:84522981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659861/; classtype:trojan-activity;sid:84522961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659836/; classtype:trojan-activity;sid:84522936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659835)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659835/; classtype:trojan-activity;sid:84522935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659834/; classtype:trojan-activity;sid:84522934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659833/; classtype:trojan-activity;sid:84522933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659808)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659808/; classtype:trojan-activity;sid:84522908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659805)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659805/; classtype:trojan-activity;sid:84522905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659801/; classtype:trojan-activity;sid:84522901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659802)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.187.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659802/; classtype:trojan-activity;sid:84522902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659803)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659803/; classtype:trojan-activity;sid:84522903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659796/; classtype:trojan-activity;sid:84522896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659797)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659797/; classtype:trojan-activity;sid:84522897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659789)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659789/; classtype:trojan-activity;sid:84522889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659792)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.104.139.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659792/; classtype:trojan-activity;sid:84522892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659779)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659779/; classtype:trojan-activity;sid:84522879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659782)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659782/; classtype:trojan-activity;sid:84522882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659769)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659769/; classtype:trojan-activity;sid:84522869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659766/; classtype:trojan-activity;sid:84522866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659598)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"145.249.186.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659598/; classtype:trojan-activity;sid:84522698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659586)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659586/; classtype:trojan-activity;sid:84522686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659570)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659570/; classtype:trojan-activity;sid:84522670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659545)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659545/; classtype:trojan-activity;sid:84522645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659536)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659536/; classtype:trojan-activity;sid:84522636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659511)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.105.33.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659511/; classtype:trojan-activity;sid:84522611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659035/; classtype:trojan-activity;sid:84522135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02102019084433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659034/; classtype:trojan-activity;sid:84522134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14092020084207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659033/; classtype:trojan-activity;sid:84522133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26112020085916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659032/; classtype:trojan-activity;sid:84522132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18102019111038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659029/; classtype:trojan-activity;sid:84522129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19122019073250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659030/; classtype:trojan-activity;sid:84522130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15032020090651/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659031/; classtype:trojan-activity;sid:84522131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659027/; classtype:trojan-activity;sid:84522127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019112646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659028/; classtype:trojan-activity;sid:84522128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659025/; classtype:trojan-activity;sid:84522125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09022020101638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659026/; classtype:trojan-activity;sid:84522126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020064629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659024/; classtype:trojan-activity;sid:84522124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02122019094630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659023/; classtype:trojan-activity;sid:84522123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659022/; classtype:trojan-activity;sid:84522122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019114000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659020/; classtype:trojan-activity;sid:84522120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08102020100008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659021/; classtype:trojan-activity;sid:84522121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10072020083751/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659019/; classtype:trojan-activity;sid:84522119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23092020092742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659018/; classtype:trojan-activity;sid:84522118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020073000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659016/; classtype:trojan-activity;sid:84522116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104632/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659015/; classtype:trojan-activity;sid:84522115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20022020082433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659014/; classtype:trojan-activity;sid:84522114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659013/; classtype:trojan-activity;sid:84522113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09112020092547/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659012/; classtype:trojan-activity;sid:84522112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30102019072217/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659011/; classtype:trojan-activity;sid:84522111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659010/; classtype:trojan-activity;sid:84522110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06032020111840/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659009/; classtype:trojan-activity;sid:84522109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020102618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659008/; classtype:trojan-activity;sid:84522108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24102019112253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659007/; classtype:trojan-activity;sid:84522107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13092019073440/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659005/; classtype:trojan-activity;sid:84522105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659004/; classtype:trojan-activity;sid:84522104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659000/; classtype:trojan-activity;sid:84522100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13092019111559/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659001/; classtype:trojan-activity;sid:84522101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111356/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659002/; classtype:trojan-activity;sid:84522102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658998/; classtype:trojan-activity;sid:84522098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658994/; classtype:trojan-activity;sid:84522094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22052020090422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658995/; classtype:trojan-activity;sid:84522095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27112019140402/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658993/; classtype:trojan-activity;sid:84522093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658990/; classtype:trojan-activity;sid:84522090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02112019073947/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658988/; classtype:trojan-activity;sid:84522088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658987/; classtype:trojan-activity;sid:84522087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19122019111433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658984/; classtype:trojan-activity;sid:84522084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17102019111450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658985/; classtype:trojan-activity;sid:84522085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020103210/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658986/; classtype:trojan-activity;sid:84522086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658982/; classtype:trojan-activity;sid:84522082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658980/; classtype:trojan-activity;sid:84522080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020081006/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658979/; classtype:trojan-activity;sid:84522079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658978/; classtype:trojan-activity;sid:84522078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658974/; classtype:trojan-activity;sid:84522074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658971/; classtype:trojan-activity;sid:84522071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658970/; classtype:trojan-activity;sid:84522070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020084236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658968/; classtype:trojan-activity;sid:84522068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020073716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658966/; classtype:trojan-activity;sid:84522066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03082019091209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658963/; classtype:trojan-activity;sid:84522063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658964/; classtype:trojan-activity;sid:84522064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658962/; classtype:trojan-activity;sid:84522062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658958/; classtype:trojan-activity;sid:84522058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-09-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658957/; classtype:trojan-activity;sid:84522057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658954/; classtype:trojan-activity;sid:84522054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020075936/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658955/; classtype:trojan-activity;sid:84522055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019090429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658953/; classtype:trojan-activity;sid:84522053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658947/; classtype:trojan-activity;sid:84522047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020103314/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658949/; classtype:trojan-activity;sid:84522049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658950/; classtype:trojan-activity;sid:84522050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25092019085125/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658951/; classtype:trojan-activity;sid:84522051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658952/; classtype:trojan-activity;sid:84522052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658943/; classtype:trojan-activity;sid:84522043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658944/; classtype:trojan-activity;sid:84522044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08022020102430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658942/; classtype:trojan-activity;sid:84522042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24112019093155/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658941/; classtype:trojan-activity;sid:84522041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658938/; classtype:trojan-activity;sid:84522038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26082019085159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658939/; classtype:trojan-activity;sid:84522039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658937/; classtype:trojan-activity;sid:84522037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020103652/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658934/; classtype:trojan-activity;sid:84522034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020073820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658935/; classtype:trojan-activity;sid:84522035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658936/; classtype:trojan-activity;sid:84522036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25062020092106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658931/; classtype:trojan-activity;sid:84522031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658932/; classtype:trojan-activity;sid:84522032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10082020083839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658929/; classtype:trojan-activity;sid:84522029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25112019100904/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658927/; classtype:trojan-activity;sid:84522027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020074721/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658923/; classtype:trojan-activity;sid:84522023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658924/; classtype:trojan-activity;sid:84522024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658926/; classtype:trojan-activity;sid:84522026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658921/; classtype:trojan-activity;sid:84522021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658922/; classtype:trojan-activity;sid:84522022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020074152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658917/; classtype:trojan-activity;sid:84522017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658913/; classtype:trojan-activity;sid:84522013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28102019124803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658914/; classtype:trojan-activity;sid:84522014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658905/; classtype:trojan-activity;sid:84522005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07082019085049/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658906/; classtype:trojan-activity;sid:84522006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18122019111713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658909/; classtype:trojan-activity;sid:84522009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658910/; classtype:trojan-activity;sid:84522010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658903/; classtype:trojan-activity;sid:84522003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020083458/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658904/; classtype:trojan-activity;sid:84522004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07032020103438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658902/; classtype:trojan-activity;sid:84522002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22062020085933/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658900/; classtype:trojan-activity;sid:84522000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14082019111536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658895/; classtype:trojan-activity;sid:84521995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12082019083210/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658896/; classtype:trojan-activity;sid:84521996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019110754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658897/; classtype:trojan-activity;sid:84521997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31012020103024/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658892/; classtype:trojan-activity;sid:84521992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658893/; classtype:trojan-activity;sid:84521993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09102019084351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658894/; classtype:trojan-activity;sid:84521994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24082020090253/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658884/; classtype:trojan-activity;sid:84521984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658885/; classtype:trojan-activity;sid:84521985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658886/; classtype:trojan-activity;sid:84521986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658887/; classtype:trojan-activity;sid:84521987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658880/; classtype:trojan-activity;sid:84521980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02082019084250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658881/; classtype:trojan-activity;sid:84521981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020074634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658882/; classtype:trojan-activity;sid:84521982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22072020095444/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658883/; classtype:trojan-activity;sid:84521983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658878/; classtype:trojan-activity;sid:84521978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658874/; classtype:trojan-activity;sid:84521974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102020082312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658875/; classtype:trojan-activity;sid:84521975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658876/; classtype:trojan-activity;sid:84521976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658877/; classtype:trojan-activity;sid:84521977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020103306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658873/; classtype:trojan-activity;sid:84521973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020083836/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658872/; classtype:trojan-activity;sid:84521972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019081308/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658868/; classtype:trojan-activity;sid:84521968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658870/; classtype:trojan-activity;sid:84521970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658866/; classtype:trojan-activity;sid:84521966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020084705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658862/; classtype:trojan-activity;sid:84521962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658863/; classtype:trojan-activity;sid:84521963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658864/; classtype:trojan-activity;sid:84521964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658865/; classtype:trojan-activity;sid:84521965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020101713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658861/; classtype:trojan-activity;sid:84521961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658859/; classtype:trojan-activity;sid:84521959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020141621/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658857/; classtype:trojan-activity;sid:84521957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658856/; classtype:trojan-activity;sid:84521956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09092020085515/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658854/; classtype:trojan-activity;sid:84521954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658855/; classtype:trojan-activity;sid:84521955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019103158/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658852/; classtype:trojan-activity;sid:84521952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658851/; classtype:trojan-activity;sid:84521951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19112020085207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658847/; classtype:trojan-activity;sid:84521947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15062020104329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658845/; classtype:trojan-activity;sid:84521945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658841/; classtype:trojan-activity;sid:84521941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658836/; classtype:trojan-activity;sid:84521936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658832/; classtype:trojan-activity;sid:84521932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30122019083201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658835/; classtype:trojan-activity;sid:84521935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658825/; classtype:trojan-activity;sid:84521925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27072020084358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658826/; classtype:trojan-activity;sid:84521926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658828/; classtype:trojan-activity;sid:84521928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658829/; classtype:trojan-activity;sid:84521929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20052020090958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658821/; classtype:trojan-activity;sid:84521921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020102208/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658824/; classtype:trojan-activity;sid:84521924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658813/; classtype:trojan-activity;sid:84521913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24012020083927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658814/; classtype:trojan-activity;sid:84521914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658816/; classtype:trojan-activity;sid:84521916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21072020093623/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658817/; classtype:trojan-activity;sid:84521917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658819/; classtype:trojan-activity;sid:84521919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658820/; classtype:trojan-activity;sid:84521920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25122019075053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658810/; classtype:trojan-activity;sid:84521910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20102020083404/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658811/; classtype:trojan-activity;sid:84521911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23092019082104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658807/; classtype:trojan-activity;sid:84521907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658805/; classtype:trojan-activity;sid:84521905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23022020084448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658806/; classtype:trojan-activity;sid:84521906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658803/; classtype:trojan-activity;sid:84521903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658801/; classtype:trojan-activity;sid:84521901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658802/; classtype:trojan-activity;sid:84521902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658798/; classtype:trojan-activity;sid:84521898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658789/; classtype:trojan-activity;sid:84521889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019111905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658791/; classtype:trojan-activity;sid:84521891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21012020083050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658793/; classtype:trojan-activity;sid:84521893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10032020102753/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658784/; classtype:trojan-activity;sid:84521884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658783/; classtype:trojan-activity;sid:84521883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-11-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658778/; classtype:trojan-activity;sid:84521878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/2020-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658781/; classtype:trojan-activity;sid:84521881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019084056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658771/; classtype:trojan-activity;sid:84521871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14022020071643/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658772/; classtype:trojan-activity;sid:84521872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658774/; classtype:trojan-activity;sid:84521874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658775/; classtype:trojan-activity;sid:84521875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20012020111030/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658776/; classtype:trojan-activity;sid:84521876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19092019112515/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658777/; classtype:trojan-activity;sid:84521877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658769/; classtype:trojan-activity;sid:84521869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658768/; classtype:trojan-activity;sid:84521868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04092020084339/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658767/; classtype:trojan-activity;sid:84521867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658765/; classtype:trojan-activity;sid:84521865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07032020081614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658759/; classtype:trojan-activity;sid:84521859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658758/; classtype:trojan-activity;sid:84521858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658748/; classtype:trojan-activity;sid:84521848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658749/; classtype:trojan-activity;sid:84521849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019104849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658750/; classtype:trojan-activity;sid:84521850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658751/; classtype:trojan-activity;sid:84521851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112019085201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658754/; classtype:trojan-activity;sid:84521854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658755/; classtype:trojan-activity;sid:84521855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22102020084229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658746/; classtype:trojan-activity;sid:84521846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05062020084755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658747/; classtype:trojan-activity;sid:84521847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658745/; classtype:trojan-activity;sid:84521845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01042020144319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658744/; classtype:trojan-activity;sid:84521844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658741/; classtype:trojan-activity;sid:84521841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658743/; classtype:trojan-activity;sid:84521843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14012020083431/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658739/; classtype:trojan-activity;sid:84521839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658735/; classtype:trojan-activity;sid:84521835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27012020110730/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658736/; classtype:trojan-activity;sid:84521836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658737/; classtype:trojan-activity;sid:84521837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27022020082832/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658738/; classtype:trojan-activity;sid:84521838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21112019100237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658733/; classtype:trojan-activity;sid:84521833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658734/; classtype:trojan-activity;sid:84521834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070517/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658731/; classtype:trojan-activity;sid:84521831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08032020071252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658732/; classtype:trojan-activity;sid:84521832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658728/; classtype:trojan-activity;sid:84521828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658729/; classtype:trojan-activity;sid:84521829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019120500/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658730/; classtype:trojan-activity;sid:84521830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18032020110859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658724/; classtype:trojan-activity;sid:84521824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020142629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658722/; classtype:trojan-activity;sid:84521822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658720/; classtype:trojan-activity;sid:84521820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27082019102541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658718/; classtype:trojan-activity;sid:84521818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020102826/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658719/; classtype:trojan-activity;sid:84521819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14122019072107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658716/; classtype:trojan-activity;sid:84521816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16032020112426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658711/; classtype:trojan-activity;sid:84521811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19062020070009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658709/; classtype:trojan-activity;sid:84521809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14092020083259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658710/; classtype:trojan-activity;sid:84521810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05112019071742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658702/; classtype:trojan-activity;sid:84521802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658703/; classtype:trojan-activity;sid:84521803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14112019111430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658696/; classtype:trojan-activity;sid:84521796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658697/; classtype:trojan-activity;sid:84521797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020090003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658698/; classtype:trojan-activity;sid:84521798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30102019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658700/; classtype:trojan-activity;sid:84521800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658690/; classtype:trojan-activity;sid:84521790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020084905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658691/; classtype:trojan-activity;sid:84521791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658693/; classtype:trojan-activity;sid:84521793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658694/; classtype:trojan-activity;sid:84521794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02122019130515/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658688/; classtype:trojan-activity;sid:84521788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14042020090844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658682/; classtype:trojan-activity;sid:84521782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658683/; classtype:trojan-activity;sid:84521783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30072020090328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658684/; classtype:trojan-activity;sid:84521784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020073631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658679/; classtype:trojan-activity;sid:84521779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020103349/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658681/; classtype:trojan-activity;sid:84521781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14012020101406/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658678/; classtype:trojan-activity;sid:84521778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05092019101555/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658671/; classtype:trojan-activity;sid:84521771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01032020102326/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658672/; classtype:trojan-activity;sid:84521772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17012020111119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658674/; classtype:trojan-activity;sid:84521774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658675/; classtype:trojan-activity;sid:84521775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658670/; classtype:trojan-activity;sid:84521770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658666/; classtype:trojan-activity;sid:84521766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658667/; classtype:trojan-activity;sid:84521767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658668/; classtype:trojan-activity;sid:84521768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658661/; classtype:trojan-activity;sid:84521761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658662/; classtype:trojan-activity;sid:84521762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23082019111824/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658664/; classtype:trojan-activity;sid:84521764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/2020-10-08/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658665/; classtype:trojan-activity;sid:84521765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10092019102851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658659/; classtype:trojan-activity;sid:84521759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658660/; classtype:trojan-activity;sid:84521760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020102754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658658/; classtype:trojan-activity;sid:84521758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658655/; classtype:trojan-activity;sid:84521755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658656/; classtype:trojan-activity;sid:84521756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658653/; classtype:trojan-activity;sid:84521753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05092019100003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658650/; classtype:trojan-activity;sid:84521750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14012020084424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658651/; classtype:trojan-activity;sid:84521751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658652/; classtype:trojan-activity;sid:84521752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13082019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658649/; classtype:trojan-activity;sid:84521749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020073553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658646/; classtype:trojan-activity;sid:84521746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30092020084740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658647/; classtype:trojan-activity;sid:84521747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658648/; classtype:trojan-activity;sid:84521748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658644/; classtype:trojan-activity;sid:84521744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019082932/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658637/; classtype:trojan-activity;sid:84521737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020142117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658638/; classtype:trojan-activity;sid:84521738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658639/; classtype:trojan-activity;sid:84521739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19082019071713/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658640/; classtype:trojan-activity;sid:84521740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23022020112139/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658641/; classtype:trojan-activity;sid:84521741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658642/; classtype:trojan-activity;sid:84521742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658636/; classtype:trojan-activity;sid:84521736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658632/; classtype:trojan-activity;sid:84521732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020101439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658633/; classtype:trojan-activity;sid:84521733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658634/; classtype:trojan-activity;sid:84521734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25092020085034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658635/; classtype:trojan-activity;sid:84521735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10082019090714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658626/; classtype:trojan-activity;sid:84521726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28102020084216/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658627/; classtype:trojan-activity;sid:84521727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04032020083309/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658630/; classtype:trojan-activity;sid:84521730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658623/; classtype:trojan-activity;sid:84521723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658624/; classtype:trojan-activity;sid:84521724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28012020111221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658625/; classtype:trojan-activity;sid:84521725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658622/; classtype:trojan-activity;sid:84521722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658619/; classtype:trojan-activity;sid:84521719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21092019094026/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658620/; classtype:trojan-activity;sid:84521720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02012020080457/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658621/; classtype:trojan-activity;sid:84521721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08072020085529/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658617/; classtype:trojan-activity;sid:84521717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658618/; classtype:trojan-activity;sid:84521718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07082019084803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658611/; classtype:trojan-activity;sid:84521711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29092020084341/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658613/; classtype:trojan-activity;sid:84521713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13112020084116/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658614/; classtype:trojan-activity;sid:84521714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05122019085753/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658615/; classtype:trojan-activity;sid:84521715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658609/; classtype:trojan-activity;sid:84521709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658610/; classtype:trojan-activity;sid:84521710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658608/; classtype:trojan-activity;sid:84521708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658607/; classtype:trojan-activity;sid:84521707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20072020091125/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658606/; classtype:trojan-activity;sid:84521706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19112019095338/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658604/; classtype:trojan-activity;sid:84521704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019085634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658598/; classtype:trojan-activity;sid:84521698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658599/; classtype:trojan-activity;sid:84521699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658601/; classtype:trojan-activity;sid:84521701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/2020-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658602/; classtype:trojan-activity;sid:84521702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29022020102453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658603/; classtype:trojan-activity;sid:84521703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658595/; classtype:trojan-activity;sid:84521695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18122019084557/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658596/; classtype:trojan-activity;sid:84521696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24122019100332/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658597/; classtype:trojan-activity;sid:84521697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24092020083048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658585/; classtype:trojan-activity;sid:84521685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28022020093617/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658586/; classtype:trojan-activity;sid:84521686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28102019111528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658587/; classtype:trojan-activity;sid:84521687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658590/; classtype:trojan-activity;sid:84521690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020132401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658591/; classtype:trojan-activity;sid:84521691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13102019111002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658592/; classtype:trojan-activity;sid:84521692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26102020075618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658593/; classtype:trojan-activity;sid:84521693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22102019075419/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658583/; classtype:trojan-activity;sid:84521683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14022020084908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658579/; classtype:trojan-activity;sid:84521679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658580/; classtype:trojan-activity;sid:84521680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658576/; classtype:trojan-activity;sid:84521676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658571/; classtype:trojan-activity;sid:84521671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658572/; classtype:trojan-activity;sid:84521672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658573/; classtype:trojan-activity;sid:84521673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658568/; classtype:trojan-activity;sid:84521668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02032020080301/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658569/; classtype:trojan-activity;sid:84521669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20022020080010/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658570/; classtype:trojan-activity;sid:84521670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658567/; classtype:trojan-activity;sid:84521667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07022020104647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658562/; classtype:trojan-activity;sid:84521662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658563/; classtype:trojan-activity;sid:84521663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658561/; classtype:trojan-activity;sid:84521661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24022020071045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658560/; classtype:trojan-activity;sid:84521660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658558/; classtype:trojan-activity;sid:84521658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658555/; classtype:trojan-activity;sid:84521655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658556/; classtype:trojan-activity;sid:84521656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020083919/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658552/; classtype:trojan-activity;sid:84521652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658553/; classtype:trojan-activity;sid:84521653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658554/; classtype:trojan-activity;sid:84521654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658550/; classtype:trojan-activity;sid:84521650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658548/; classtype:trojan-activity;sid:84521648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658546/; classtype:trojan-activity;sid:84521646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658544/; classtype:trojan-activity;sid:84521644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23102019112124/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658541/; classtype:trojan-activity;sid:84521641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658539/; classtype:trojan-activity;sid:84521639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658535/; classtype:trojan-activity;sid:84521635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29102019111414/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658536/; classtype:trojan-activity;sid:84521636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19082019065142/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658531/; classtype:trojan-activity;sid:84521631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658533/; classtype:trojan-activity;sid:84521633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29062020084258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658527/; classtype:trojan-activity;sid:84521627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26122019110920/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658526/; classtype:trojan-activity;sid:84521626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658523/; classtype:trojan-activity;sid:84521623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020110206/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658521/; classtype:trojan-activity;sid:84521621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31082019074602/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658522/; classtype:trojan-activity;sid:84521622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03022020083538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658514/; classtype:trojan-activity;sid:84521614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658515/; classtype:trojan-activity;sid:84521615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15012020084147/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658513/; classtype:trojan-activity;sid:84521613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20012020111328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658511/; classtype:trojan-activity;sid:84521611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658512/; classtype:trojan-activity;sid:84521612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019103340/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658505/; classtype:trojan-activity;sid:84521605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658509/; classtype:trojan-activity;sid:84521609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29082019090120/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658510/; classtype:trojan-activity;sid:84521610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658503/; classtype:trojan-activity;sid:84521603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658502/; classtype:trojan-activity;sid:84521602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03092020084050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658499/; classtype:trojan-activity;sid:84521599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15012020111529/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658500/; classtype:trojan-activity;sid:84521600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658501/; classtype:trojan-activity;sid:84521601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658496/; classtype:trojan-activity;sid:84521596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03092020083612/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658497/; classtype:trojan-activity;sid:84521597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28102019124413/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658498/; classtype:trojan-activity;sid:84521598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658495/; classtype:trojan-activity;sid:84521595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658493/; classtype:trojan-activity;sid:84521593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658492/; classtype:trojan-activity;sid:84521592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658491/; classtype:trojan-activity;sid:84521591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29102020082344/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658489/; classtype:trojan-activity;sid:84521589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658486/; classtype:trojan-activity;sid:84521586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658487/; classtype:trojan-activity;sid:84521587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28092019074335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658488/; classtype:trojan-activity;sid:84521588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020092739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658485/; classtype:trojan-activity;sid:84521585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658482/; classtype:trojan-activity;sid:84521582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/2020-10-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658483/; classtype:trojan-activity;sid:84521583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658484/; classtype:trojan-activity;sid:84521584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658477/; classtype:trojan-activity;sid:84521577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658478/; classtype:trojan-activity;sid:84521578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07112019072436/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658479/; classtype:trojan-activity;sid:84521579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28092020084800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658474/; classtype:trojan-activity;sid:84521574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658470/; classtype:trojan-activity;sid:84521570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658469/; classtype:trojan-activity;sid:84521569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020073843/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658466/; classtype:trojan-activity;sid:84521566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658460/; classtype:trojan-activity;sid:84521560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658461/; classtype:trojan-activity;sid:84521561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658462/; classtype:trojan-activity;sid:84521562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658463/; classtype:trojan-activity;sid:84521563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658458/; classtype:trojan-activity;sid:84521558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29082019110839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658459/; classtype:trojan-activity;sid:84521559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15082019112133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658454/; classtype:trojan-activity;sid:84521554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05032020100611/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658452/; classtype:trojan-activity;sid:84521552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658451/; classtype:trojan-activity;sid:84521551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31012020084259/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658443/; classtype:trojan-activity;sid:84521543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658444/; classtype:trojan-activity;sid:84521544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658445/; classtype:trojan-activity;sid:84521545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08112019085706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658439/; classtype:trojan-activity;sid:84521539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658437/; classtype:trojan-activity;sid:84521537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658435/; classtype:trojan-activity;sid:84521535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658436/; classtype:trojan-activity;sid:84521536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15012020084835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658426/; classtype:trojan-activity;sid:84521526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020073942/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658427/; classtype:trojan-activity;sid:84521527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658428/; classtype:trojan-activity;sid:84521528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658429/; classtype:trojan-activity;sid:84521529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658430/; classtype:trojan-activity;sid:84521530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05022020084858/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658431/; classtype:trojan-activity;sid:84521531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658433/; classtype:trojan-activity;sid:84521533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07102019120718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658424/; classtype:trojan-activity;sid:84521524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658425/; classtype:trojan-activity;sid:84521525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26012020110837/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658419/; classtype:trojan-activity;sid:84521519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658421/; classtype:trojan-activity;sid:84521521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658414/; classtype:trojan-activity;sid:84521514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04092019101034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658416/; classtype:trojan-activity;sid:84521516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10022020141618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658412/; classtype:trojan-activity;sid:84521512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08092019091937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658407/; classtype:trojan-activity;sid:84521507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23112020080135/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658408/; classtype:trojan-activity;sid:84521508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658411/; classtype:trojan-activity;sid:84521511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658403/; classtype:trojan-activity;sid:84521503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15102020075415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658402/; classtype:trojan-activity;sid:84521502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658401/; classtype:trojan-activity;sid:84521501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27092019112351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658399/; classtype:trojan-activity;sid:84521499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064612/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658400/; classtype:trojan-activity;sid:84521500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10012020082528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658397/; classtype:trojan-activity;sid:84521497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658396/; classtype:trojan-activity;sid:84521496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019100156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658395/; classtype:trojan-activity;sid:84521495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658394/; classtype:trojan-activity;sid:84521494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03022020084036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658392/; classtype:trojan-activity;sid:84521492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658388/; classtype:trojan-activity;sid:84521488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019110544/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658386/; classtype:trojan-activity;sid:84521486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658387/; classtype:trojan-activity;sid:84521487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03112020080201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658384/; classtype:trojan-activity;sid:84521484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019084045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658382/; classtype:trojan-activity;sid:84521482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658383/; classtype:trojan-activity;sid:84521483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09122019111725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658380/; classtype:trojan-activity;sid:84521480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25082020083620/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658377/; classtype:trojan-activity;sid:84521477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28092020085505/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658376/; classtype:trojan-activity;sid:84521476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04112019111207/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658375/; classtype:trojan-activity;sid:84521475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658372/; classtype:trojan-activity;sid:84521472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658374/; classtype:trojan-activity;sid:84521474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19032020110736/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658370/; classtype:trojan-activity;sid:84521470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020081506/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658371/; classtype:trojan-activity;sid:84521471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658367/; classtype:trojan-activity;sid:84521467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102019080820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658368/; classtype:trojan-activity;sid:84521468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658369/; classtype:trojan-activity;sid:84521469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658366/; classtype:trojan-activity;sid:84521466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658360/; classtype:trojan-activity;sid:84521460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27082019072537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658361/; classtype:trojan-activity;sid:84521461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658363/; classtype:trojan-activity;sid:84521463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020102110/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658364/; classtype:trojan-activity;sid:84521464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072533/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658358/; classtype:trojan-activity;sid:84521458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658356/; classtype:trojan-activity;sid:84521456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15092020084622/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658350/; classtype:trojan-activity;sid:84521450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658352/; classtype:trojan-activity;sid:84521452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658353/; classtype:trojan-activity;sid:84521453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19032020103217/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658354/; classtype:trojan-activity;sid:84521454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658348/; classtype:trojan-activity;sid:84521448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658346/; classtype:trojan-activity;sid:84521446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658347/; classtype:trojan-activity;sid:84521447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658341/; classtype:trojan-activity;sid:84521441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658342/; classtype:trojan-activity;sid:84521442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658345/; classtype:trojan-activity;sid:84521445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658340/; classtype:trojan-activity;sid:84521440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27092019083316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658338/; classtype:trojan-activity;sid:84521438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658339/; classtype:trojan-activity;sid:84521439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23092019111516/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658336/; classtype:trojan-activity;sid:84521436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658330/; classtype:trojan-activity;sid:84521430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12122019101814/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658331/; classtype:trojan-activity;sid:84521431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16092019110740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658324/; classtype:trojan-activity;sid:84521424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658325/; classtype:trojan-activity;sid:84521425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11102019085631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658322/; classtype:trojan-activity;sid:84521422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09092019083927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658317/; classtype:trojan-activity;sid:84521417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05082019090424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658318/; classtype:trojan-activity;sid:84521418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658321/; classtype:trojan-activity;sid:84521421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658315/; classtype:trojan-activity;sid:84521415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658316/; classtype:trojan-activity;sid:84521416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658309/; classtype:trojan-activity;sid:84521409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658312/; classtype:trojan-activity;sid:84521412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112019082902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658313/; classtype:trojan-activity;sid:84521413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020084127/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658308/; classtype:trojan-activity;sid:84521408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18022020110839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658307/; classtype:trojan-activity;sid:84521407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12082019111048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658305/; classtype:trojan-activity;sid:84521405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020112230/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658303/; classtype:trojan-activity;sid:84521403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21052020090420/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658301/; classtype:trojan-activity;sid:84521401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08092019082357/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658299/; classtype:trojan-activity;sid:84521399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019105427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658294/; classtype:trojan-activity;sid:84521394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658288/; classtype:trojan-activity;sid:84521388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658290/; classtype:trojan-activity;sid:84521390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16082019084628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658291/; classtype:trojan-activity;sid:84521391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04092019080057/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658293/; classtype:trojan-activity;sid:84521393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084527/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658285/; classtype:trojan-activity;sid:84521385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658282/; classtype:trojan-activity;sid:84521382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658284/; classtype:trojan-activity;sid:84521384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658276/; classtype:trojan-activity;sid:84521376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658277/; classtype:trojan-activity;sid:84521377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658278/; classtype:trojan-activity;sid:84521378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658279/; classtype:trojan-activity;sid:84521379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658280/; classtype:trojan-activity;sid:84521380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658274/; classtype:trojan-activity;sid:84521374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658273/; classtype:trojan-activity;sid:84521373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658265/; classtype:trojan-activity;sid:84521365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04062020080054/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658266/; classtype:trojan-activity;sid:84521366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11092019084025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658267/; classtype:trojan-activity;sid:84521367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07082019112547/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658263/; classtype:trojan-activity;sid:84521363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658262/; classtype:trojan-activity;sid:84521362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658261/; classtype:trojan-activity;sid:84521361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658254/; classtype:trojan-activity;sid:84521354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020102439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658255/; classtype:trojan-activity;sid:84521355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658256/; classtype:trojan-activity;sid:84521356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658258/; classtype:trojan-activity;sid:84521358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08022020071901/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658259/; classtype:trojan-activity;sid:84521359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26102020075115/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658260/; classtype:trojan-activity;sid:84521360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658252/; classtype:trojan-activity;sid:84521352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020111428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658253/; classtype:trojan-activity;sid:84521353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658247/; classtype:trojan-activity;sid:84521347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019110019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658249/; classtype:trojan-activity;sid:84521349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658243/; classtype:trojan-activity;sid:84521343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658244/; classtype:trojan-activity;sid:84521344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658240/; classtype:trojan-activity;sid:84521340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19022020074049/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658242/; classtype:trojan-activity;sid:84521342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658235/; classtype:trojan-activity;sid:84521335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019100052/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658236/; classtype:trojan-activity;sid:84521336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11122019085114/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658237/; classtype:trojan-activity;sid:84521337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658238/; classtype:trojan-activity;sid:84521338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019103005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658239/; classtype:trojan-activity;sid:84521339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02092019135755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658233/; classtype:trojan-activity;sid:84521333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29012020110926/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658234/; classtype:trojan-activity;sid:84521334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020074337/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658229/; classtype:trojan-activity;sid:84521329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12092019112032/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658231/; classtype:trojan-activity;sid:84521331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658228/; classtype:trojan-activity;sid:84521328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04032020102908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658220/; classtype:trojan-activity;sid:84521320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658222/; classtype:trojan-activity;sid:84521322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16012020111550/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658224/; classtype:trojan-activity;sid:84521324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14022020140803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658225/; classtype:trojan-activity;sid:84521325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658217/; classtype:trojan-activity;sid:84521317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658218/; classtype:trojan-activity;sid:84521318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658219/; classtype:trojan-activity;sid:84521319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24112020081613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658214/; classtype:trojan-activity;sid:84521314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/25112020083758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658211/; classtype:trojan-activity;sid:84521311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019072721/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658212/; classtype:trojan-activity;sid:84521312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658213/; classtype:trojan-activity;sid:84521313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07102019075325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658209/; classtype:trojan-activity;sid:84521309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31072020085247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658202/; classtype:trojan-activity;sid:84521302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17032020092647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658203/; classtype:trojan-activity;sid:84521303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21122019075441/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658204/; classtype:trojan-activity;sid:84521304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019082453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658205/; classtype:trojan-activity;sid:84521305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020075032/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658206/; classtype:trojan-activity;sid:84521306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658207/; classtype:trojan-activity;sid:84521307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658199/; classtype:trojan-activity;sid:84521299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03102019081724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658200/; classtype:trojan-activity;sid:84521300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658198/; classtype:trojan-activity;sid:84521298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02092020090343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658190/; classtype:trojan-activity;sid:84521290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020102546/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658191/; classtype:trojan-activity;sid:84521291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658192/; classtype:trojan-activity;sid:84521292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658194/; classtype:trojan-activity;sid:84521294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22112019114331/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658195/; classtype:trojan-activity;sid:84521295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020091156/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658185/; classtype:trojan-activity;sid:84521285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14072020084319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658186/; classtype:trojan-activity;sid:84521286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02092019074951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658175/; classtype:trojan-activity;sid:84521275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15122019113205/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658176/; classtype:trojan-activity;sid:84521276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658178/; classtype:trojan-activity;sid:84521278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18112019111421/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658179/; classtype:trojan-activity;sid:84521279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658168/; classtype:trojan-activity;sid:84521268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020102944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658169/; classtype:trojan-activity;sid:84521269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082019110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658172/; classtype:trojan-activity;sid:84521272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658173/; classtype:trojan-activity;sid:84521273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658174/; classtype:trojan-activity;sid:84521274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658165/; classtype:trojan-activity;sid:84521265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020083934/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658166/; classtype:trojan-activity;sid:84521266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658164/; classtype:trojan-activity;sid:84521264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658161/; classtype:trojan-activity;sid:84521261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658159/; classtype:trojan-activity;sid:84521259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658158/; classtype:trojan-activity;sid:84521258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020125714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658157/; classtype:trojan-activity;sid:84521257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020105422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658156/; classtype:trojan-activity;sid:84521256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17032020111050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658151/; classtype:trojan-activity;sid:84521251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658152/; classtype:trojan-activity;sid:84521252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21112019085250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658153/; classtype:trojan-activity;sid:84521253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19092019113551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658154/; classtype:trojan-activity;sid:84521254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10012020081934/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658155/; classtype:trojan-activity;sid:84521255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658147/; classtype:trojan-activity;sid:84521247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658148/; classtype:trojan-activity;sid:84521248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16062020071846/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658149/; classtype:trojan-activity;sid:84521249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658150/; classtype:trojan-activity;sid:84521250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658143/; classtype:trojan-activity;sid:84521243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28022020102447/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658146/; classtype:trojan-activity;sid:84521246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658142/; classtype:trojan-activity;sid:84521242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020091641/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658140/; classtype:trojan-activity;sid:84521240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658141/; classtype:trojan-activity;sid:84521241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658138/; classtype:trojan-activity;sid:84521238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658135/; classtype:trojan-activity;sid:84521235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658137/; classtype:trojan-activity;sid:84521237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19012020111047/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658132/; classtype:trojan-activity;sid:84521232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019122429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658133/; classtype:trojan-activity;sid:84521233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658134/; classtype:trojan-activity;sid:84521234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19112019082650/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658130/; classtype:trojan-activity;sid:84521230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658131/; classtype:trojan-activity;sid:84521231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658129/; classtype:trojan-activity;sid:84521229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03122019122626/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658126/; classtype:trojan-activity;sid:84521226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15102019084429/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658127/; classtype:trojan-activity;sid:84521227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658123/; classtype:trojan-activity;sid:84521223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658125/; classtype:trojan-activity;sid:84521225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/29072020093540/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658121/; classtype:trojan-activity;sid:84521221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019104436/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658120/; classtype:trojan-activity;sid:84521220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658117/; classtype:trojan-activity;sid:84521217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658116/; classtype:trojan-activity;sid:84521216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019111227/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658114/; classtype:trojan-activity;sid:84521214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658110/; classtype:trojan-activity;sid:84521210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/04305539000100/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658112/; classtype:trojan-activity;sid:84521212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658107/; classtype:trojan-activity;sid:84521207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658106/; classtype:trojan-activity;sid:84521206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658101/; classtype:trojan-activity;sid:84521201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658102/; classtype:trojan-activity;sid:84521202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05022020085221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658103/; classtype:trojan-activity;sid:84521203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658105/; classtype:trojan-activity;sid:84521205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658098/; classtype:trojan-activity;sid:84521198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019114144/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658096/; classtype:trojan-activity;sid:84521196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020092958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658097/; classtype:trojan-activity;sid:84521197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18032020083606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658092/; classtype:trojan-activity;sid:84521192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084320/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658093/; classtype:trojan-activity;sid:84521193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658094/; classtype:trojan-activity;sid:84521194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020085315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658095/; classtype:trojan-activity;sid:84521195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31012020090045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658090/; classtype:trojan-activity;sid:84521190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-12-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658091/; classtype:trojan-activity;sid:84521191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658087/; classtype:trojan-activity;sid:84521187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658088/; classtype:trojan-activity;sid:84521188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20032020110739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658080/; classtype:trojan-activity;sid:84521180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23062020085151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658082/; classtype:trojan-activity;sid:84521182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29102019072415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658070/; classtype:trojan-activity;sid:84521170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020083637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658072/; classtype:trojan-activity;sid:84521172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020080720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658065/; classtype:trojan-activity;sid:84521165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658061/; classtype:trojan-activity;sid:84521161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657834)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/3tokfoi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657834/; classtype:trojan-activity;sid:84520934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657781)"; flow:established,from_client; content:"GET"; http_method; content:"/file/pdf24creator.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657781/; classtype:trojan-activity;sid:84520881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657779)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/bj4bgb6.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657779/; classtype:trojan-activity;sid:84520879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657775)"; flow:established,from_client; content:"GET"; http_method; content:"/file/sourcetree.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657775/; classtype:trojan-activity;sid:84520875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657745)"; flow:established,from_client; content:"GET"; http_method; content:"/file/fontdrvhost.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657745/; classtype:trojan-activity;sid:84520845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657582)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/reklamortak-hub/tmlaa@main/chromeguncelleme.apk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657582/; classtype:trojan-activity;sid:84520682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657583)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/reklamortak-hub/axma@main/chromeguncelleme.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657583/; classtype:trojan-activity;sid:84520683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657580)"; flow:established,from_client; content:"GET"; http_method; content:"/excel.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657580/; classtype:trojan-activity;sid:84520680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657581)"; flow:established,from_client; content:"GET"; http_method; content:"/voucherwonderland.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"js-storage.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657581/; classtype:trojan-activity;sid:84520681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657572)"; flow:established,from_client; content:"GET"; http_method; content:"/log/ce574991.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.52.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657572/; classtype:trojan-activity;sid:84520672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657567)"; flow:established,from_client; content:"GET"; http_method; content:"/taqumn21pwtffka.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657567/; classtype:trojan-activity;sid:84520667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657563)"; flow:established,from_client; content:"GET"; http_method; content:"/lrcnaco7v7vkgmm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657563/; classtype:trojan-activity;sid:84520663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657561)"; flow:established,from_client; content:"GET"; http_method; content:"/e55gjjtfitxysh4.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657561/; classtype:trojan-activity;sid:84520661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657562)"; flow:established,from_client; content:"GET"; http_method; content:"/umn21taqpwtaffk.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657562/; classtype:trojan-activity;sid:84520662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657392/; classtype:trojan-activity;sid:84520492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657289/; classtype:trojan-activity;sid:84520389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657137/; classtype:trojan-activity;sid:84520237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656729)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656729/; classtype:trojan-activity;sid:84519829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656728)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656728/; classtype:trojan-activity;sid:84519828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656727)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656727/; classtype:trojan-activity;sid:84519827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656726/; classtype:trojan-activity;sid:84519826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656725)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656725/; classtype:trojan-activity;sid:84519825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656720)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656720/; classtype:trojan-activity;sid:84519820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656721)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656721/; classtype:trojan-activity;sid:84519821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656717/; classtype:trojan-activity;sid:84519817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656718/; classtype:trojan-activity;sid:84519818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656708)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656708/; classtype:trojan-activity;sid:84519808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656709)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656709/; classtype:trojan-activity;sid:84519809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656710)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656710/; classtype:trojan-activity;sid:84519810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656707/; classtype:trojan-activity;sid:84519807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656705)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656705/; classtype:trojan-activity;sid:84519805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656704/; classtype:trojan-activity;sid:84519804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656702)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656702/; classtype:trojan-activity;sid:84519802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656703/; classtype:trojan-activity;sid:84519803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656701/; classtype:trojan-activity;sid:84519801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656696)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656696/; classtype:trojan-activity;sid:84519796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656697)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656697/; classtype:trojan-activity;sid:84519797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656693/; classtype:trojan-activity;sid:84519793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656689)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656689/; classtype:trojan-activity;sid:84519789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656690/; classtype:trojan-activity;sid:84519790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656692)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656692/; classtype:trojan-activity;sid:84519792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656685)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656685/; classtype:trojan-activity;sid:84519785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656679/; classtype:trojan-activity;sid:84519779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656677/; classtype:trojan-activity;sid:84519777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656671/; classtype:trojan-activity;sid:84519771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656672/; classtype:trojan-activity;sid:84519772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656674)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656674/; classtype:trojan-activity;sid:84519774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656666)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.76.153.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656666/; classtype:trojan-activity;sid:84519766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656667)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656667/; classtype:trojan-activity;sid:84519767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656665)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656665/; classtype:trojan-activity;sid:84519765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656662/; classtype:trojan-activity;sid:84519762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656663)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656663/; classtype:trojan-activity;sid:84519763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656660)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656660/; classtype:trojan-activity;sid:84519760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656661/; classtype:trojan-activity;sid:84519761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656658)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656658/; classtype:trojan-activity;sid:84519758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656656)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656656/; classtype:trojan-activity;sid:84519756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656649)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656649/; classtype:trojan-activity;sid:84519749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656652)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656652/; classtype:trojan-activity;sid:84519752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656654/; classtype:trojan-activity;sid:84519754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656647)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656647/; classtype:trojan-activity;sid:84519747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656648)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656648/; classtype:trojan-activity;sid:84519748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656645)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656645/; classtype:trojan-activity;sid:84519745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656646)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656646/; classtype:trojan-activity;sid:84519746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656643)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656643/; classtype:trojan-activity;sid:84519743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656641)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"119.45.161.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656641/; classtype:trojan-activity;sid:84519741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656638)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656638/; classtype:trojan-activity;sid:84519738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656639/; classtype:trojan-activity;sid:84519739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656640/; classtype:trojan-activity;sid:84519740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656637)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"216.221.70.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656637/; classtype:trojan-activity;sid:84519737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656634/; classtype:trojan-activity;sid:84519734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656635)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656635/; classtype:trojan-activity;sid:84519735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656636)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656636/; classtype:trojan-activity;sid:84519736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656632)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656632/; classtype:trojan-activity;sid:84519732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656630/; classtype:trojan-activity;sid:84519730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656629)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656629/; classtype:trojan-activity;sid:84519729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656627/; classtype:trojan-activity;sid:84519727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656628/; classtype:trojan-activity;sid:84519728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656621)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656621/; classtype:trojan-activity;sid:84519721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656618)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656618/; classtype:trojan-activity;sid:84519718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656614)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656614/; classtype:trojan-activity;sid:84519714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656611)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656611/; classtype:trojan-activity;sid:84519711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656607)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656607/; classtype:trojan-activity;sid:84519707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656608)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656608/; classtype:trojan-activity;sid:84519708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656609)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656609/; classtype:trojan-activity;sid:84519709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656610)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656610/; classtype:trojan-activity;sid:84519710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656605)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656605/; classtype:trojan-activity;sid:84519705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656598)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656598/; classtype:trojan-activity;sid:84519698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656600/; classtype:trojan-activity;sid:84519700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656601/; classtype:trojan-activity;sid:84519701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656602/; classtype:trojan-activity;sid:84519702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656597)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656597/; classtype:trojan-activity;sid:84519697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656592)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656592/; classtype:trojan-activity;sid:84519692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656594/; classtype:trojan-activity;sid:84519694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656595/; classtype:trojan-activity;sid:84519695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656589)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656589/; classtype:trojan-activity;sid:84519689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656581/; classtype:trojan-activity;sid:84519681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656584)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656584/; classtype:trojan-activity;sid:84519684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656579)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656579/; classtype:trojan-activity;sid:84519679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656577)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656577/; classtype:trojan-activity;sid:84519677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656574)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.130.209.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656574/; classtype:trojan-activity;sid:84519674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656575)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656575/; classtype:trojan-activity;sid:84519675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656572)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656572/; classtype:trojan-activity;sid:84519672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656568)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656568/; classtype:trojan-activity;sid:84519668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656569)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656569/; classtype:trojan-activity;sid:84519669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656570)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656570/; classtype:trojan-activity;sid:84519670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656564)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656564/; classtype:trojan-activity;sid:84519664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656566)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.118.38.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656566/; classtype:trojan-activity;sid:84519666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656559/; classtype:trojan-activity;sid:84519659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656560)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.132.96.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656560/; classtype:trojan-activity;sid:84519660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656561)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656561/; classtype:trojan-activity;sid:84519661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.46.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656562/; classtype:trojan-activity;sid:84519662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656563)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656563/; classtype:trojan-activity;sid:84519663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656552)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656552/; classtype:trojan-activity;sid:84519652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656555/; classtype:trojan-activity;sid:84519655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656551)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.128.74.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656551/; classtype:trojan-activity;sid:84519651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656503/; classtype:trojan-activity;sid:84519603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656456/; classtype:trojan-activity;sid:84519556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656398/; classtype:trojan-activity;sid:84519498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656345)"; flow:established,from_client; content:"GET"; http_method; content:"/139assicc.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.157.70.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656345/; classtype:trojan-activity;sid:84519445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.190.212.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656200/; classtype:trojan-activity;sid:84519300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656154/; classtype:trojan-activity;sid:84519254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656140)"; flow:established,from_client; content:"GET"; http_method; content:"/christian%20cg17042021%20xpanel.c3prj/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656140/; classtype:trojan-activity;sid:84519240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656061/; classtype:trojan-activity;sid:84519161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656060/; classtype:trojan-activity;sid:84519160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656059/; classtype:trojan-activity;sid:84519159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656058)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656058/; classtype:trojan-activity;sid:84519158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656056/; classtype:trojan-activity;sid:84519156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656054/; classtype:trojan-activity;sid:84519154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656051/; classtype:trojan-activity;sid:84519151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656049/; classtype:trojan-activity;sid:84519149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656050)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656050/; classtype:trojan-activity;sid:84519150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656048)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656048/; classtype:trojan-activity;sid:84519148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656044)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656044/; classtype:trojan-activity;sid:84519144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656045/; classtype:trojan-activity;sid:84519145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230518-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656046/; classtype:trojan-activity;sid:84519146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656041)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656041/; classtype:trojan-activity;sid:84519141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656043)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656043/; classtype:trojan-activity;sid:84519143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656035/; classtype:trojan-activity;sid:84519135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656036/; classtype:trojan-activity;sid:84519136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656037/; classtype:trojan-activity;sid:84519137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656039/; classtype:trojan-activity;sid:84519139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656040)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656040/; classtype:trojan-activity;sid:84519140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656032/; classtype:trojan-activity;sid:84519132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250308-120/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656033/; classtype:trojan-activity;sid:84519133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656027/; classtype:trojan-activity;sid:84519127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656028)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656028/; classtype:trojan-activity;sid:84519128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656025/; classtype:trojan-activity;sid:84519125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656026/; classtype:trojan-activity;sid:84519126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656021)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656021/; classtype:trojan-activity;sid:84519121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656022)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x86/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656022/; classtype:trojan-activity;sid:84519122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656023)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656023/; classtype:trojan-activity;sid:84519123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656020)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656020/; classtype:trojan-activity;sid:84519120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656019/; classtype:trojan-activity;sid:84519119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656011)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656011/; classtype:trojan-activity;sid:84519111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656012)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656012/; classtype:trojan-activity;sid:84519112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656013/; classtype:trojan-activity;sid:84519113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231101-141/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656014/; classtype:trojan-activity;sid:84519114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656004/; classtype:trojan-activity;sid:84519104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656005)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656005/; classtype:trojan-activity;sid:84519105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656006)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656006/; classtype:trojan-activity;sid:84519106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656007/; classtype:trojan-activity;sid:84519107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656009)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656009/; classtype:trojan-activity;sid:84519109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655993)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655993/; classtype:trojan-activity;sid:84519093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655994)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655994/; classtype:trojan-activity;sid:84519094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655995)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221110-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655995/; classtype:trojan-activity;sid:84519095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655996/; classtype:trojan-activity;sid:84519096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655998)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655998/; classtype:trojan-activity;sid:84519098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656000/; classtype:trojan-activity;sid:84519100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656001/; classtype:trojan-activity;sid:84519101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656002/; classtype:trojan-activity;sid:84519102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655990/; classtype:trojan-activity;sid:84519090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655991)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655991/; classtype:trojan-activity;sid:84519091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655992)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655992/; classtype:trojan-activity;sid:84519092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655986/; classtype:trojan-activity;sid:84519086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655987/; classtype:trojan-activity;sid:84519087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655988)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655988/; classtype:trojan-activity;sid:84519088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/ia64/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655989/; classtype:trojan-activity;sid:84519089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655982)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655982/; classtype:trojan-activity;sid:84519082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655983)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-119/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655983/; classtype:trojan-activity;sid:84519083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655984)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655984/; classtype:trojan-activity;sid:84519084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655980)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655980/; classtype:trojan-activity;sid:84519080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655981)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655981/; classtype:trojan-activity;sid:84519081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655977/; classtype:trojan-activity;sid:84519077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655975/; classtype:trojan-activity;sid:84519075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655976/; classtype:trojan-activity;sid:84519076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655973)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.43.45.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655973/; classtype:trojan-activity;sid:84519073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655969)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655969/; classtype:trojan-activity;sid:84519069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655970)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655970/; classtype:trojan-activity;sid:84519070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655966)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655966/; classtype:trojan-activity;sid:84519066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655954/; classtype:trojan-activity;sid:84519054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655955/; classtype:trojan-activity;sid:84519055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655956/; classtype:trojan-activity;sid:84519056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655961)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655961/; classtype:trojan-activity;sid:84519061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655963)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655963/; classtype:trojan-activity;sid:84519063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655941/; classtype:trojan-activity;sid:84519041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655942/; classtype:trojan-activity;sid:84519042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655943)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655943/; classtype:trojan-activity;sid:84519043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655944/; classtype:trojan-activity;sid:84519044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655945/; classtype:trojan-activity;sid:84519045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655946/; classtype:trojan-activity;sid:84519046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655947)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655947/; classtype:trojan-activity;sid:84519047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655948)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655948/; classtype:trojan-activity;sid:84519048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655949)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655949/; classtype:trojan-activity;sid:84519049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655950/; classtype:trojan-activity;sid:84519050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655951/; classtype:trojan-activity;sid:84519051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655952)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655952/; classtype:trojan-activity;sid:84519052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655953/; classtype:trojan-activity;sid:84519053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655928)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655928/; classtype:trojan-activity;sid:84519028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655929)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655929/; classtype:trojan-activity;sid:84519029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655931)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655931/; classtype:trojan-activity;sid:84519031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655932/; classtype:trojan-activity;sid:84519032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655934/; classtype:trojan-activity;sid:84519034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655935)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240918-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655935/; classtype:trojan-activity;sid:84519035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655936)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655936/; classtype:trojan-activity;sid:84519036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655937)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250219-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655937/; classtype:trojan-activity;sid:84519037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655938/; classtype:trojan-activity;sid:84519038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655939)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655939/; classtype:trojan-activity;sid:84519039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655940/; classtype:trojan-activity;sid:84519040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655922)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655922/; classtype:trojan-activity;sid:84519022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655923)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655923/; classtype:trojan-activity;sid:84519023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655924/; classtype:trojan-activity;sid:84519024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655925/; classtype:trojan-activity;sid:84519025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655926/; classtype:trojan-activity;sid:84519026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655927)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655927/; classtype:trojan-activity;sid:84519027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655919)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655919/; classtype:trojan-activity;sid:84519019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655920/; classtype:trojan-activity;sid:84519020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655917)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655917/; classtype:trojan-activity;sid:84519017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655918/; classtype:trojan-activity;sid:84519018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655916)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655916/; classtype:trojan-activity;sid:84519016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655912)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655912/; classtype:trojan-activity;sid:84519012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655910)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655910/; classtype:trojan-activity;sid:84519010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655911)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655911/; classtype:trojan-activity;sid:84519011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655908/; classtype:trojan-activity;sid:84519008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655905/; classtype:trojan-activity;sid:84519005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240711-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655904/; classtype:trojan-activity;sid:84519004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655903)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655903/; classtype:trojan-activity;sid:84519003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655901/; classtype:trojan-activity;sid:84519001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655899)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655899/; classtype:trojan-activity;sid:84518999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655896/; classtype:trojan-activity;sid:84518996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655894/; classtype:trojan-activity;sid:84518994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655895)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655895/; classtype:trojan-activity;sid:84518995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655891)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655891/; classtype:trojan-activity;sid:84518991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655892)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655892/; classtype:trojan-activity;sid:84518992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655893/; classtype:trojan-activity;sid:84518993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655890/; classtype:trojan-activity;sid:84518990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655889)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655889/; classtype:trojan-activity;sid:84518989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655888/; classtype:trojan-activity;sid:84518988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655887/; classtype:trojan-activity;sid:84518987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655881/; classtype:trojan-activity;sid:84518981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655880/; classtype:trojan-activity;sid:84518980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655879)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655879/; classtype:trojan-activity;sid:84518979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655876)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655876/; classtype:trojan-activity;sid:84518976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655877/; classtype:trojan-activity;sid:84518977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655875)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655875/; classtype:trojan-activity;sid:84518975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655872)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655872/; classtype:trojan-activity;sid:84518972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655873)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655873/; classtype:trojan-activity;sid:84518973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655870)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655870/; classtype:trojan-activity;sid:84518970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655867/; classtype:trojan-activity;sid:84518967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655868)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655868/; classtype:trojan-activity;sid:84518968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655866)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655866/; classtype:trojan-activity;sid:84518966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655864)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655864/; classtype:trojan-activity;sid:84518964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655862/; classtype:trojan-activity;sid:84518962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655860/; classtype:trojan-activity;sid:84518960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655861)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655861/; classtype:trojan-activity;sid:84518961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655859)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655859/; classtype:trojan-activity;sid:84518959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655855/; classtype:trojan-activity;sid:84518955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655851)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655851/; classtype:trojan-activity;sid:84518951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655849)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655849/; classtype:trojan-activity;sid:84518949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655848)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655848/; classtype:trojan-activity;sid:84518948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655846)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655846/; classtype:trojan-activity;sid:84518946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655844/; classtype:trojan-activity;sid:84518944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655845/; classtype:trojan-activity;sid:84518945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655843)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655843/; classtype:trojan-activity;sid:84518943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655842/; classtype:trojan-activity;sid:84518942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655838/; classtype:trojan-activity;sid:84518938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655837)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655837/; classtype:trojan-activity;sid:84518937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655835)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655835/; classtype:trojan-activity;sid:84518935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655834)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655834/; classtype:trojan-activity;sid:84518934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655832)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655832/; classtype:trojan-activity;sid:84518932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231024-129/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655830/; classtype:trojan-activity;sid:84518930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655828/; classtype:trojan-activity;sid:84518928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655829/; classtype:trojan-activity;sid:84518929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655827/; classtype:trojan-activity;sid:84518927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655824/; classtype:trojan-activity;sid:84518924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655823/; classtype:trojan-activity;sid:84518923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655822)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655822/; classtype:trojan-activity;sid:84518922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655819)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655819/; classtype:trojan-activity;sid:84518919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655817)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655817/; classtype:trojan-activity;sid:84518917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655816/; classtype:trojan-activity;sid:84518916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655812/; classtype:trojan-activity;sid:84518912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655807/; classtype:trojan-activity;sid:84518907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655808)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655808/; classtype:trojan-activity;sid:84518908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655809/; classtype:trojan-activity;sid:84518909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655810)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655810/; classtype:trojan-activity;sid:84518910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655806/; classtype:trojan-activity;sid:84518906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-01-31/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655803/; classtype:trojan-activity;sid:84518903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655801/; classtype:trojan-activity;sid:84518901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655799/; classtype:trojan-activity;sid:84518899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655797/; classtype:trojan-activity;sid:84518897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655794/; classtype:trojan-activity;sid:84518894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655792)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655792/; classtype:trojan-activity;sid:84518892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655790)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655790/; classtype:trojan-activity;sid:84518890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655791/; classtype:trojan-activity;sid:84518891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655789)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655789/; classtype:trojan-activity;sid:84518889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655786)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655786/; classtype:trojan-activity;sid:84518886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655787/; classtype:trojan-activity;sid:84518887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655784)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655784/; classtype:trojan-activity;sid:84518884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655782/; classtype:trojan-activity;sid:84518882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655783)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655783/; classtype:trojan-activity;sid:84518883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655781/; classtype:trojan-activity;sid:84518881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655778/; classtype:trojan-activity;sid:84518878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655775/; classtype:trojan-activity;sid:84518875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655774/; classtype:trojan-activity;sid:84518874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655770/; classtype:trojan-activity;sid:84518870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655766/; classtype:trojan-activity;sid:84518866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655763)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655763/; classtype:trojan-activity;sid:84518863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655761/; classtype:trojan-activity;sid:84518861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655757)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655757/; classtype:trojan-activity;sid:84518857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655756/; classtype:trojan-activity;sid:84518856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655754/; classtype:trojan-activity;sid:84518854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655752)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655752/; classtype:trojan-activity;sid:84518852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655751)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655751/; classtype:trojan-activity;sid:84518851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655750)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655750/; classtype:trojan-activity;sid:84518850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655748)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655748/; classtype:trojan-activity;sid:84518848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655749)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655749/; classtype:trojan-activity;sid:84518849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655746/; classtype:trojan-activity;sid:84518846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655747)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655747/; classtype:trojan-activity;sid:84518847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655743/; classtype:trojan-activity;sid:84518843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655744)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655744/; classtype:trojan-activity;sid:84518844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655745)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655745/; classtype:trojan-activity;sid:84518845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655738/; classtype:trojan-activity;sid:84518838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655739)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655739/; classtype:trojan-activity;sid:84518839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655740/; classtype:trojan-activity;sid:84518840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655741)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655741/; classtype:trojan-activity;sid:84518841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655742)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231228-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655742/; classtype:trojan-activity;sid:84518842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655735)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655735/; classtype:trojan-activity;sid:84518835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655736/; classtype:trojan-activity;sid:84518836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655731)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655731/; classtype:trojan-activity;sid:84518831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655732/; classtype:trojan-activity;sid:84518832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655730/; classtype:trojan-activity;sid:84518830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655726)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655726/; classtype:trojan-activity;sid:84518826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655728/; classtype:trojan-activity;sid:84518828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655724)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655724/; classtype:trojan-activity;sid:84518824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655722)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655722/; classtype:trojan-activity;sid:84518822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655719)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655719/; classtype:trojan-activity;sid:84518819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655720/; classtype:trojan-activity;sid:84518820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655718/; classtype:trojan-activity;sid:84518818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655717/; classtype:trojan-activity;sid:84518817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655713)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655713/; classtype:trojan-activity;sid:84518813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655714)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655714/; classtype:trojan-activity;sid:84518814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655715)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655715/; classtype:trojan-activity;sid:84518815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655711/; classtype:trojan-activity;sid:84518811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655712/; classtype:trojan-activity;sid:84518812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655706)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655706/; classtype:trojan-activity;sid:84518806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655707)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655707/; classtype:trojan-activity;sid:84518807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655699/; classtype:trojan-activity;sid:84518799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655701)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655701/; classtype:trojan-activity;sid:84518801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655703)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655703/; classtype:trojan-activity;sid:84518803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655704)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655704/; classtype:trojan-activity;sid:84518804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655705)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655705/; classtype:trojan-activity;sid:84518805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655697/; classtype:trojan-activity;sid:84518797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655698/; classtype:trojan-activity;sid:84518798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655690)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655690/; classtype:trojan-activity;sid:84518790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655691)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655691/; classtype:trojan-activity;sid:84518791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655692/; classtype:trojan-activity;sid:84518792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655693/; classtype:trojan-activity;sid:84518793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655689)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655689/; classtype:trojan-activity;sid:84518789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655686/; classtype:trojan-activity;sid:84518786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655687/; classtype:trojan-activity;sid:84518787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655688/; classtype:trojan-activity;sid:84518788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655682)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655682/; classtype:trojan-activity;sid:84518782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655685)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655685/; classtype:trojan-activity;sid:84518785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655673)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655673/; classtype:trojan-activity;sid:84518773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655674)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655674/; classtype:trojan-activity;sid:84518774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655675/; classtype:trojan-activity;sid:84518775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655676)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655676/; classtype:trojan-activity;sid:84518776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655670/; classtype:trojan-activity;sid:84518770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655671/; classtype:trojan-activity;sid:84518771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655672/; classtype:trojan-activity;sid:84518772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655668)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655668/; classtype:trojan-activity;sid:84518768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655662/; classtype:trojan-activity;sid:84518762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655663/; classtype:trojan-activity;sid:84518763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655664/; classtype:trojan-activity;sid:84518764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655665)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655665/; classtype:trojan-activity;sid:84518765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655657/; classtype:trojan-activity;sid:84518757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655658)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655658/; classtype:trojan-activity;sid:84518758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655659)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655659/; classtype:trojan-activity;sid:84518759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655660/; classtype:trojan-activity;sid:84518760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655654/; classtype:trojan-activity;sid:84518754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655655)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655655/; classtype:trojan-activity;sid:84518755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655648)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655648/; classtype:trojan-activity;sid:84518748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655649)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655649/; classtype:trojan-activity;sid:84518749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655651/; classtype:trojan-activity;sid:84518751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655641/; classtype:trojan-activity;sid:84518741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655642)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655642/; classtype:trojan-activity;sid:84518742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655645)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655645/; classtype:trojan-activity;sid:84518745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655646/; classtype:trojan-activity;sid:84518746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655647)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/remoteblobstore/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655647/; classtype:trojan-activity;sid:84518747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655638)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655638/; classtype:trojan-activity;sid:84518738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655633)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655633/; classtype:trojan-activity;sid:84518733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655634)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655634/; classtype:trojan-activity;sid:84518734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655635)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655635/; classtype:trojan-activity;sid:84518735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655631)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655631/; classtype:trojan-activity;sid:84518731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655626/; classtype:trojan-activity;sid:84518726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655627/; classtype:trojan-activity;sid:84518727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655630)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655630/; classtype:trojan-activity;sid:84518730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655623)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655623/; classtype:trojan-activity;sid:84518723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655624)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655624/; classtype:trojan-activity;sid:84518724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655625)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655625/; classtype:trojan-activity;sid:84518725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655621/; classtype:trojan-activity;sid:84518721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655618)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240831-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655618/; classtype:trojan-activity;sid:84518718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655619/; classtype:trojan-activity;sid:84518719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655620/; classtype:trojan-activity;sid:84518720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655614)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655614/; classtype:trojan-activity;sid:84518714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655616)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250310-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655616/; classtype:trojan-activity;sid:84518716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655617)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655617/; classtype:trojan-activity;sid:84518717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655610/; classtype:trojan-activity;sid:84518710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655606/; classtype:trojan-activity;sid:84518706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655607)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655607/; classtype:trojan-activity;sid:84518707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655608)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655608/; classtype:trojan-activity;sid:84518708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655603/; classtype:trojan-activity;sid:84518703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655601/; classtype:trojan-activity;sid:84518701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655597)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655597/; classtype:trojan-activity;sid:84518697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655596/; classtype:trojan-activity;sid:84518696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655592/; classtype:trojan-activity;sid:84518692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655593/; classtype:trojan-activity;sid:84518693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655594/; classtype:trojan-activity;sid:84518694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655595)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655595/; classtype:trojan-activity;sid:84518695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655590)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655590/; classtype:trojan-activity;sid:84518690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655587/; classtype:trojan-activity;sid:84518687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655588)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655588/; classtype:trojan-activity;sid:84518688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655589/; classtype:trojan-activity;sid:84518689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655581)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655581/; classtype:trojan-activity;sid:84518681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655583/; classtype:trojan-activity;sid:84518683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-29/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655586/; classtype:trojan-activity;sid:84518686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655579)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655579/; classtype:trojan-activity;sid:84518679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655580)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655580/; classtype:trojan-activity;sid:84518680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655565)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655565/; classtype:trojan-activity;sid:84518665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655566)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655566/; classtype:trojan-activity;sid:84518666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655567/; classtype:trojan-activity;sid:84518667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655568)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655568/; classtype:trojan-activity;sid:84518668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655572/; classtype:trojan-activity;sid:84518672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655574/; classtype:trojan-activity;sid:84518674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655576)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655576/; classtype:trojan-activity;sid:84518676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655577/; classtype:trojan-activity;sid:84518677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655578)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655578/; classtype:trojan-activity;sid:84518678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655561/; classtype:trojan-activity;sid:84518661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655562/; classtype:trojan-activity;sid:84518662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655563/; classtype:trojan-activity;sid:84518663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655560)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655560/; classtype:trojan-activity;sid:84518660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655556/; classtype:trojan-activity;sid:84518656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655557)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655557/; classtype:trojan-activity;sid:84518657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655558)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655558/; classtype:trojan-activity;sid:84518658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655559/; classtype:trojan-activity;sid:84518659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655553/; classtype:trojan-activity;sid:84518653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655547)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655547/; classtype:trojan-activity;sid:84518647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655541)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655541/; classtype:trojan-activity;sid:84518641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655542/; classtype:trojan-activity;sid:84518642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655543/; classtype:trojan-activity;sid:84518643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655544/; classtype:trojan-activity;sid:84518644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655545/; classtype:trojan-activity;sid:84518645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655529/; classtype:trojan-activity;sid:84518629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655530/; classtype:trojan-activity;sid:84518630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655531)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655531/; classtype:trojan-activity;sid:84518631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655532/; classtype:trojan-activity;sid:84518632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655534)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655534/; classtype:trojan-activity;sid:84518634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655535/; classtype:trojan-activity;sid:84518635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655538/; classtype:trojan-activity;sid:84518638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655539/; classtype:trojan-activity;sid:84518639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655521)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655521/; classtype:trojan-activity;sid:84518621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655522)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655522/; classtype:trojan-activity;sid:84518622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655523/; classtype:trojan-activity;sid:84518623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655524)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655524/; classtype:trojan-activity;sid:84518624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655525)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655525/; classtype:trojan-activity;sid:84518625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655526/; classtype:trojan-activity;sid:84518626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655527/; classtype:trojan-activity;sid:84518627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655528)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655528/; classtype:trojan-activity;sid:84518628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655513)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655513/; classtype:trojan-activity;sid:84518613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655514/; classtype:trojan-activity;sid:84518614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655515/; classtype:trojan-activity;sid:84518615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655516)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655516/; classtype:trojan-activity;sid:84518616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655517/; classtype:trojan-activity;sid:84518617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655519)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655519/; classtype:trojan-activity;sid:84518619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655520)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655520/; classtype:trojan-activity;sid:84518620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655509/; classtype:trojan-activity;sid:84518609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655510/; classtype:trojan-activity;sid:84518610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655511/; classtype:trojan-activity;sid:84518611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655507)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655507/; classtype:trojan-activity;sid:84518607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655505/; classtype:trojan-activity;sid:84518605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655503/; classtype:trojan-activity;sid:84518603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655504)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655504/; classtype:trojan-activity;sid:84518604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655502)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655502/; classtype:trojan-activity;sid:84518602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655501/; classtype:trojan-activity;sid:84518601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655499/; classtype:trojan-activity;sid:84518599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655498)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655498/; classtype:trojan-activity;sid:84518598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655497/; classtype:trojan-activity;sid:84518597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655495/; classtype:trojan-activity;sid:84518595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655496)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655496/; classtype:trojan-activity;sid:84518596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655493/; classtype:trojan-activity;sid:84518593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655492)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655492/; classtype:trojan-activity;sid:84518592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655491)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655491/; classtype:trojan-activity;sid:84518591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655490/; classtype:trojan-activity;sid:84518590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655489)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655489/; classtype:trojan-activity;sid:84518589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655482)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655482/; classtype:trojan-activity;sid:84518582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655483)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655483/; classtype:trojan-activity;sid:84518583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655479)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655479/; classtype:trojan-activity;sid:84518579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655476)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655476/; classtype:trojan-activity;sid:84518576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655474)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655474/; classtype:trojan-activity;sid:84518574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655471/; classtype:trojan-activity;sid:84518571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655468)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655468/; classtype:trojan-activity;sid:84518568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655469)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655469/; classtype:trojan-activity;sid:84518569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655464)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655464/; classtype:trojan-activity;sid:84518564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655466)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655466/; classtype:trojan-activity;sid:84518566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655467/; classtype:trojan-activity;sid:84518567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655462/; classtype:trojan-activity;sid:84518562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655461)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655461/; classtype:trojan-activity;sid:84518561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655458)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655458/; classtype:trojan-activity;sid:84518558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655459)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655459/; classtype:trojan-activity;sid:84518559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655453)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655453/; classtype:trojan-activity;sid:84518553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655447/; classtype:trojan-activity;sid:84518547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655440)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655440/; classtype:trojan-activity;sid:84518540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655441)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655441/; classtype:trojan-activity;sid:84518541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655442/; classtype:trojan-activity;sid:84518542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655443/; classtype:trojan-activity;sid:84518543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655430)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655430/; classtype:trojan-activity;sid:84518530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655436)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655436/; classtype:trojan-activity;sid:84518536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655426)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655426/; classtype:trojan-activity;sid:84518526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655421/; classtype:trojan-activity;sid:84518521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655422/; classtype:trojan-activity;sid:84518522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655420)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655420/; classtype:trojan-activity;sid:84518520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655418)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655418/; classtype:trojan-activity;sid:84518518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655417)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655417/; classtype:trojan-activity;sid:84518517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655413/; classtype:trojan-activity;sid:84518513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655414)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655414/; classtype:trojan-activity;sid:84518514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655412/; classtype:trojan-activity;sid:84518512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655410)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655410/; classtype:trojan-activity;sid:84518510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655408)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655408/; classtype:trojan-activity;sid:84518508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655407)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655407/; classtype:trojan-activity;sid:84518507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655406/; classtype:trojan-activity;sid:84518506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655403)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655403/; classtype:trojan-activity;sid:84518503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655404/; classtype:trojan-activity;sid:84518504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655405)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655405/; classtype:trojan-activity;sid:84518505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655402)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655402/; classtype:trojan-activity;sid:84518502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655398)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655398/; classtype:trojan-activity;sid:84518498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655399)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655399/; classtype:trojan-activity;sid:84518499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241021-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655396/; classtype:trojan-activity;sid:84518496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655395)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655395/; classtype:trojan-activity;sid:84518495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655392)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655392/; classtype:trojan-activity;sid:84518492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655389)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655389/; classtype:trojan-activity;sid:84518489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655390)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655390/; classtype:trojan-activity;sid:84518490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655388/; classtype:trojan-activity;sid:84518488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655387/; classtype:trojan-activity;sid:84518487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655385/; classtype:trojan-activity;sid:84518485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655383)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655383/; classtype:trojan-activity;sid:84518483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-10-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655384/; classtype:trojan-activity;sid:84518484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655382)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240413-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655382/; classtype:trojan-activity;sid:84518482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655380)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655380/; classtype:trojan-activity;sid:84518480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655379/; classtype:trojan-activity;sid:84518479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655378/; classtype:trojan-activity;sid:84518478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655377)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655377/; classtype:trojan-activity;sid:84518477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655376)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655376/; classtype:trojan-activity;sid:84518476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655373/; classtype:trojan-activity;sid:84518473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655374)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655374/; classtype:trojan-activity;sid:84518474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655371/; classtype:trojan-activity;sid:84518471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655368/; classtype:trojan-activity;sid:84518468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655367/; classtype:trojan-activity;sid:84518467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655365)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655365/; classtype:trojan-activity;sid:84518465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655362)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655362/; classtype:trojan-activity;sid:84518462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655359)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655359/; classtype:trojan-activity;sid:84518459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655360)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655360/; classtype:trojan-activity;sid:84518460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655361)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655361/; classtype:trojan-activity;sid:84518461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655358)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655358/; classtype:trojan-activity;sid:84518458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655357)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655357/; classtype:trojan-activity;sid:84518457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655356)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655356/; classtype:trojan-activity;sid:84518456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655354)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655354/; classtype:trojan-activity;sid:84518454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655353/; classtype:trojan-activity;sid:84518453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655350/; classtype:trojan-activity;sid:84518450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655348)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655348/; classtype:trojan-activity;sid:84518448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655347)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655347/; classtype:trojan-activity;sid:84518447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655346/; classtype:trojan-activity;sid:84518446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-02-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655345/; classtype:trojan-activity;sid:84518445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655343)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655343/; classtype:trojan-activity;sid:84518443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655342)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655342/; classtype:trojan-activity;sid:84518442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655341/; classtype:trojan-activity;sid:84518441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655340/; classtype:trojan-activity;sid:84518440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655339/; classtype:trojan-activity;sid:84518439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655338)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655338/; classtype:trojan-activity;sid:84518438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655335/; classtype:trojan-activity;sid:84518435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655334/; classtype:trojan-activity;sid:84518434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655332)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655332/; classtype:trojan-activity;sid:84518432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655330/; classtype:trojan-activity;sid:84518430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655331/; classtype:trojan-activity;sid:84518431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655329/; classtype:trojan-activity;sid:84518429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240423-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655324/; classtype:trojan-activity;sid:84518424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655322)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655322/; classtype:trojan-activity;sid:84518422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655323)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655323/; classtype:trojan-activity;sid:84518423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655321/; classtype:trojan-activity;sid:84518421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655318)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655318/; classtype:trojan-activity;sid:84518418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655319)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655319/; classtype:trojan-activity;sid:84518419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655317/; classtype:trojan-activity;sid:84518417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655315)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655315/; classtype:trojan-activity;sid:84518415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655312)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655312/; classtype:trojan-activity;sid:84518412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655313)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655313/; classtype:trojan-activity;sid:84518413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655314/; classtype:trojan-activity;sid:84518414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655311/; classtype:trojan-activity;sid:84518411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655309)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655309/; classtype:trojan-activity;sid:84518409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655310)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655310/; classtype:trojan-activity;sid:84518410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655303)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655303/; classtype:trojan-activity;sid:84518403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655302)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655302/; classtype:trojan-activity;sid:84518402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655300/; classtype:trojan-activity;sid:84518400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655297)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655297/; classtype:trojan-activity;sid:84518397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655295/; classtype:trojan-activity;sid:84518395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655296)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655296/; classtype:trojan-activity;sid:84518396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655294)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655294/; classtype:trojan-activity;sid:84518394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655293/; classtype:trojan-activity;sid:84518393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655292/; classtype:trojan-activity;sid:84518392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655290)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655290/; classtype:trojan-activity;sid:84518390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655291/; classtype:trojan-activity;sid:84518391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655288)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655288/; classtype:trojan-activity;sid:84518388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655285)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655285/; classtype:trojan-activity;sid:84518385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655286/; classtype:trojan-activity;sid:84518386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655284/; classtype:trojan-activity;sid:84518384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655280/; classtype:trojan-activity;sid:84518380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655278)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655278/; classtype:trojan-activity;sid:84518378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655279)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655279/; classtype:trojan-activity;sid:84518379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655274/; classtype:trojan-activity;sid:84518374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655275)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655275/; classtype:trojan-activity;sid:84518375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655276)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655276/; classtype:trojan-activity;sid:84518376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655273)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655273/; classtype:trojan-activity;sid:84518373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655271)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655271/; classtype:trojan-activity;sid:84518371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655272)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655272/; classtype:trojan-activity;sid:84518372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655267)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655267/; classtype:trojan-activity;sid:84518367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655269)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655269/; classtype:trojan-activity;sid:84518369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655266)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655266/; classtype:trojan-activity;sid:84518366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655265)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655265/; classtype:trojan-activity;sid:84518365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655262)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655262/; classtype:trojan-activity;sid:84518362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655260)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655260/; classtype:trojan-activity;sid:84518360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655259/; classtype:trojan-activity;sid:84518359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655257/; classtype:trojan-activity;sid:84518357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655258/; classtype:trojan-activity;sid:84518358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/document/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655255/; classtype:trojan-activity;sid:84518355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655256)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655256/; classtype:trojan-activity;sid:84518356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655252)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655252/; classtype:trojan-activity;sid:84518352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655253)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655253/; classtype:trojan-activity;sid:84518353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655254)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655254/; classtype:trojan-activity;sid:84518354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655249)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655249/; classtype:trojan-activity;sid:84518349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655250)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655250/; classtype:trojan-activity;sid:84518350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655248)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655248/; classtype:trojan-activity;sid:84518348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655244)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655244/; classtype:trojan-activity;sid:84518344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655245/; classtype:trojan-activity;sid:84518345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655243)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655243/; classtype:trojan-activity;sid:84518343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655237/; classtype:trojan-activity;sid:84518337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655238)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655238/; classtype:trojan-activity;sid:84518338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655239/; classtype:trojan-activity;sid:84518339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655236)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655236/; classtype:trojan-activity;sid:84518336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655234)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655234/; classtype:trojan-activity;sid:84518334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655229/; classtype:trojan-activity;sid:84518329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655230)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655230/; classtype:trojan-activity;sid:84518330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655231/; classtype:trojan-activity;sid:84518331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655228)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655228/; classtype:trojan-activity;sid:84518328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655222)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655222/; classtype:trojan-activity;sid:84518322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655223/; classtype:trojan-activity;sid:84518323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655221/; classtype:trojan-activity;sid:84518321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655218)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655218/; classtype:trojan-activity;sid:84518318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655219)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655219/; classtype:trojan-activity;sid:84518319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655212/; classtype:trojan-activity;sid:84518312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655213/; classtype:trojan-activity;sid:84518313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655211)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655211/; classtype:trojan-activity;sid:84518311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655204)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655204/; classtype:trojan-activity;sid:84518304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655205)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655205/; classtype:trojan-activity;sid:84518305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655206)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/catalog/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655206/; classtype:trojan-activity;sid:84518306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655207)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655207/; classtype:trojan-activity;sid:84518307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655208)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655208/; classtype:trojan-activity;sid:84518308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655202/; classtype:trojan-activity;sid:84518302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655203)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655203/; classtype:trojan-activity;sid:84518303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655201)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655201/; classtype:trojan-activity;sid:84518301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655200)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655200/; classtype:trojan-activity;sid:84518300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655199/; classtype:trojan-activity;sid:84518299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655198)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655198/; classtype:trojan-activity;sid:84518298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655197/; classtype:trojan-activity;sid:84518297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655196)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655196/; classtype:trojan-activity;sid:84518296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655192)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655192/; classtype:trojan-activity;sid:84518292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655193)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655193/; classtype:trojan-activity;sid:84518293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655194)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655194/; classtype:trojan-activity;sid:84518294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655191/; classtype:trojan-activity;sid:84518291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655190)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655190/; classtype:trojan-activity;sid:84518290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655188)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/ia64/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655188/; classtype:trojan-activity;sid:84518288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655187/; classtype:trojan-activity;sid:84518287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655185)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655185/; classtype:trojan-activity;sid:84518285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655184/; classtype:trojan-activity;sid:84518284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230424-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655181/; classtype:trojan-activity;sid:84518281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655179/; classtype:trojan-activity;sid:84518279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655174)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655174/; classtype:trojan-activity;sid:84518274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655172/; classtype:trojan-activity;sid:84518272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655169)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655169/; classtype:trojan-activity;sid:84518269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655170/; classtype:trojan-activity;sid:84518270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655168)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655168/; classtype:trojan-activity;sid:84518268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655164)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655164/; classtype:trojan-activity;sid:84518264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655162)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655162/; classtype:trojan-activity;sid:84518262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655161)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655161/; classtype:trojan-activity;sid:84518261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655160)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655160/; classtype:trojan-activity;sid:84518260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/ia64/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655157/; classtype:trojan-activity;sid:84518257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655158/; classtype:trojan-activity;sid:84518258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655159)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655159/; classtype:trojan-activity;sid:84518259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655156)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655156/; classtype:trojan-activity;sid:84518256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655155)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655155/; classtype:trojan-activity;sid:84518255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655154/; classtype:trojan-activity;sid:84518254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655153)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655153/; classtype:trojan-activity;sid:84518253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655152)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655152/; classtype:trojan-activity;sid:84518252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655149)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655149/; classtype:trojan-activity;sid:84518249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655148/; classtype:trojan-activity;sid:84518248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655146)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655146/; classtype:trojan-activity;sid:84518246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655144)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655144/; classtype:trojan-activity;sid:84518244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655140)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655140/; classtype:trojan-activity;sid:84518240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655138)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655138/; classtype:trojan-activity;sid:84518238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655139)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655139/; classtype:trojan-activity;sid:84518239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655137)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655137/; classtype:trojan-activity;sid:84518237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655130)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655130/; classtype:trojan-activity;sid:84518230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655131)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655131/; classtype:trojan-activity;sid:84518231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655132)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655132/; classtype:trojan-activity;sid:84518232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655128)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655128/; classtype:trojan-activity;sid:84518228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655127)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655127/; classtype:trojan-activity;sid:84518227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655125)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655125/; classtype:trojan-activity;sid:84518225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655126)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655126/; classtype:trojan-activity;sid:84518226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655124)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655124/; classtype:trojan-activity;sid:84518224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655119)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250721-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655119/; classtype:trojan-activity;sid:84518219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655118)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655118/; classtype:trojan-activity;sid:84518218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655117)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655117/; classtype:trojan-activity;sid:84518217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655116)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655116/; classtype:trojan-activity;sid:84518216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655115/; classtype:trojan-activity;sid:84518215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250104-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655111/; classtype:trojan-activity;sid:84518211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655110)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655110/; classtype:trojan-activity;sid:84518210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655109)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655109/; classtype:trojan-activity;sid:84518209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655107)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pdffactory_pro_setup/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655107/; classtype:trojan-activity;sid:84518207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655104)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655104/; classtype:trojan-activity;sid:84518204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655105/; classtype:trojan-activity;sid:84518205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655102)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655102/; classtype:trojan-activity;sid:84518202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655098/; classtype:trojan-activity;sid:84518198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655099/; classtype:trojan-activity;sid:84518199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655100)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655100/; classtype:trojan-activity;sid:84518200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655097)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655097/; classtype:trojan-activity;sid:84518197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655096)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655096/; classtype:trojan-activity;sid:84518196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655095)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655095/; classtype:trojan-activity;sid:84518195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655093/; classtype:trojan-activity;sid:84518193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655094)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655094/; classtype:trojan-activity;sid:84518194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655089)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655089/; classtype:trojan-activity;sid:84518189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655090/; classtype:trojan-activity;sid:84518190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250606-148/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655091/; classtype:trojan-activity;sid:84518191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655088/; classtype:trojan-activity;sid:84518188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2025-01-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655085/; classtype:trojan-activity;sid:84518185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655086)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655086/; classtype:trojan-activity;sid:84518186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655084)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655084/; classtype:trojan-activity;sid:84518184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655082)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250328-154/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655082/; classtype:trojan-activity;sid:84518182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655081)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655081/; classtype:trojan-activity;sid:84518181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655077)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655077/; classtype:trojan-activity;sid:84518177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655078)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655078/; classtype:trojan-activity;sid:84518178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655074/; classtype:trojan-activity;sid:84518174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655075)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655075/; classtype:trojan-activity;sid:84518175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655076)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655076/; classtype:trojan-activity;sid:84518176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655073)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655073/; classtype:trojan-activity;sid:84518173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655072/; classtype:trojan-activity;sid:84518172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655070/; classtype:trojan-activity;sid:84518170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655068/; classtype:trojan-activity;sid:84518168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655065/; classtype:trojan-activity;sid:84518165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655064)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655064/; classtype:trojan-activity;sid:84518164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655061/; classtype:trojan-activity;sid:84518161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655060/; classtype:trojan-activity;sid:84518160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655059)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655059/; classtype:trojan-activity;sid:84518159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655057/; classtype:trojan-activity;sid:84518157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655053/; classtype:trojan-activity;sid:84518153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655054/; classtype:trojan-activity;sid:84518154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655051/; classtype:trojan-activity;sid:84518151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655052/; classtype:trojan-activity;sid:84518152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655049/; classtype:trojan-activity;sid:84518149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655048)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655048/; classtype:trojan-activity;sid:84518148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655045)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655045/; classtype:trojan-activity;sid:84518145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655043/; classtype:trojan-activity;sid:84518143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655044/; classtype:trojan-activity;sid:84518144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655039/; classtype:trojan-activity;sid:84518139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655037)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655037/; classtype:trojan-activity;sid:84518137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655038)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655038/; classtype:trojan-activity;sid:84518138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655036/; classtype:trojan-activity;sid:84518136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655035/; classtype:trojan-activity;sid:84518135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655034/; classtype:trojan-activity;sid:84518134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-121/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655033/; classtype:trojan-activity;sid:84518133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655029)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655029/; classtype:trojan-activity;sid:84518129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655031)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655031/; classtype:trojan-activity;sid:84518131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655032/; classtype:trojan-activity;sid:84518132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655028/; classtype:trojan-activity;sid:84518128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/0011/28082019084303/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655026/; classtype:trojan-activity;sid:84518126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655025/; classtype:trojan-activity;sid:84518125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655024/; classtype:trojan-activity;sid:84518124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655023)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655023/; classtype:trojan-activity;sid:84518123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655021/; classtype:trojan-activity;sid:84518121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655019/; classtype:trojan-activity;sid:84518119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655020)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655020/; classtype:trojan-activity;sid:84518120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655015/; classtype:trojan-activity;sid:84518115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655016)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655016/; classtype:trojan-activity;sid:84518116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655013/; classtype:trojan-activity;sid:84518113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655010)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655010/; classtype:trojan-activity;sid:84518110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655008)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655008/; classtype:trojan-activity;sid:84518108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655006/; classtype:trojan-activity;sid:84518106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655007)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655007/; classtype:trojan-activity;sid:84518107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655005/; classtype:trojan-activity;sid:84518105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655004/; classtype:trojan-activity;sid:84518104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655000/; classtype:trojan-activity;sid:84518100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654999)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654999/; classtype:trojan-activity;sid:84518099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654998)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654998/; classtype:trojan-activity;sid:84518098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654997)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654997/; classtype:trojan-activity;sid:84518097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654996)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654996/; classtype:trojan-activity;sid:84518096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654994/; classtype:trojan-activity;sid:84518094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654992/; classtype:trojan-activity;sid:84518092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654991)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654991/; classtype:trojan-activity;sid:84518091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654989/; classtype:trojan-activity;sid:84518089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654985/; classtype:trojan-activity;sid:84518085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654986/; classtype:trojan-activity;sid:84518086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654981/; classtype:trojan-activity;sid:84518081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654982)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654982/; classtype:trojan-activity;sid:84518082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654977)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654977/; classtype:trojan-activity;sid:84518077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654975/; classtype:trojan-activity;sid:84518075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654976)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240905-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654976/; classtype:trojan-activity;sid:84518076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654973/; classtype:trojan-activity;sid:84518073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654971/; classtype:trojan-activity;sid:84518071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654969/; classtype:trojan-activity;sid:84518069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654967/; classtype:trojan-activity;sid:84518067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654966/; classtype:trojan-activity;sid:84518066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654964)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654964/; classtype:trojan-activity;sid:84518064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654963)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654963/; classtype:trojan-activity;sid:84518063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654962)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654962/; classtype:trojan-activity;sid:84518062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654960)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654960/; classtype:trojan-activity;sid:84518060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654958)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654958/; classtype:trojan-activity;sid:84518058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654957)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654957/; classtype:trojan-activity;sid:84518057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654953)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654953/; classtype:trojan-activity;sid:84518053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654948/; classtype:trojan-activity;sid:84518048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654946)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654946/; classtype:trojan-activity;sid:84518046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654942)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654942/; classtype:trojan-activity;sid:84518042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654941)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654941/; classtype:trojan-activity;sid:84518041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654938)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654938/; classtype:trojan-activity;sid:84518038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654940/; classtype:trojan-activity;sid:84518040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654937)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654937/; classtype:trojan-activity;sid:84518037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654936)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654936/; classtype:trojan-activity;sid:84518036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654935/; classtype:trojan-activity;sid:84518035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654934/; classtype:trojan-activity;sid:84518034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654932)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654932/; classtype:trojan-activity;sid:84518032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654931)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654931/; classtype:trojan-activity;sid:84518031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654928)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654928/; classtype:trojan-activity;sid:84518028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654926/; classtype:trojan-activity;sid:84518026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654925/; classtype:trojan-activity;sid:84518025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654922)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654922/; classtype:trojan-activity;sid:84518022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654923/; classtype:trojan-activity;sid:84518023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654921/; classtype:trojan-activity;sid:84518021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654920/; classtype:trojan-activity;sid:84518020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654917/; classtype:trojan-activity;sid:84518017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654912)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654912/; classtype:trojan-activity;sid:84518012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654902)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654902/; classtype:trojan-activity;sid:84518002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654904/; classtype:trojan-activity;sid:84518004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654905/; classtype:trojan-activity;sid:84518005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654901/; classtype:trojan-activity;sid:84518001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654898/; classtype:trojan-activity;sid:84517998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654899/; classtype:trojan-activity;sid:84517999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654900)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654900/; classtype:trojan-activity;sid:84518000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654896/; classtype:trojan-activity;sid:84517996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654893)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654893/; classtype:trojan-activity;sid:84517993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654894/; classtype:trojan-activity;sid:84517994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654892)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654892/; classtype:trojan-activity;sid:84517992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654889/; classtype:trojan-activity;sid:84517989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-096/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654885/; classtype:trojan-activity;sid:84517985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654883/; classtype:trojan-activity;sid:84517983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654884)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654884/; classtype:trojan-activity;sid:84517984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654882/; classtype:trojan-activity;sid:84517982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654878)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654878/; classtype:trojan-activity;sid:84517978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654877/; classtype:trojan-activity;sid:84517977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654874/; classtype:trojan-activity;sid:84517974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654876)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654876/; classtype:trojan-activity;sid:84517976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654870/; classtype:trojan-activity;sid:84517970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654871)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654871/; classtype:trojan-activity;sid:84517971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654868)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654868/; classtype:trojan-activity;sid:84517968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654865)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654865/; classtype:trojan-activity;sid:84517965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654866/; classtype:trojan-activity;sid:84517966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654862/; classtype:trojan-activity;sid:84517962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654863)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654863/; classtype:trojan-activity;sid:84517963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654859)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654859/; classtype:trojan-activity;sid:84517959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654860/; classtype:trojan-activity;sid:84517960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654857/; classtype:trojan-activity;sid:84517957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654858)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654858/; classtype:trojan-activity;sid:84517958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654854/; classtype:trojan-activity;sid:84517954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654855/; classtype:trojan-activity;sid:84517955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654853/; classtype:trojan-activity;sid:84517953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654852)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654852/; classtype:trojan-activity;sid:84517952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654851)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-136/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654851/; classtype:trojan-activity;sid:84517951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654850)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654850/; classtype:trojan-activity;sid:84517950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654849)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654849/; classtype:trojan-activity;sid:84517949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654848)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654848/; classtype:trojan-activity;sid:84517948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654844/; classtype:trojan-activity;sid:84517944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654842)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654842/; classtype:trojan-activity;sid:84517942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654836/; classtype:trojan-activity;sid:84517936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654834/; classtype:trojan-activity;sid:84517934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654829)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654829/; classtype:trojan-activity;sid:84517929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654826/; classtype:trojan-activity;sid:84517926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654820)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654820/; classtype:trojan-activity;sid:84517920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654818)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654818/; classtype:trojan-activity;sid:84517918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654817)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654817/; classtype:trojan-activity;sid:84517917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654814/; classtype:trojan-activity;sid:84517914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654813/; classtype:trojan-activity;sid:84517913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654812)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654812/; classtype:trojan-activity;sid:84517912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654811)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654811/; classtype:trojan-activity;sid:84517911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654810)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654810/; classtype:trojan-activity;sid:84517910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654808)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654808/; classtype:trojan-activity;sid:84517908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654809/; classtype:trojan-activity;sid:84517909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654807/; classtype:trojan-activity;sid:84517907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654806/; classtype:trojan-activity;sid:84517906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654804/; classtype:trojan-activity;sid:84517904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654803/; classtype:trojan-activity;sid:84517903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654799/; classtype:trojan-activity;sid:84517899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654796/; classtype:trojan-activity;sid:84517896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654797)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654797/; classtype:trojan-activity;sid:84517897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654791/; classtype:trojan-activity;sid:84517891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654792)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240328-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654792/; classtype:trojan-activity;sid:84517892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654793)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654793/; classtype:trojan-activity;sid:84517893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654788/; classtype:trojan-activity;sid:84517888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654783)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654783/; classtype:trojan-activity;sid:84517883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654781/; classtype:trojan-activity;sid:84517881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654776)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654776/; classtype:trojan-activity;sid:84517876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654775)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654775/; classtype:trojan-activity;sid:84517875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654769)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654769/; classtype:trojan-activity;sid:84517869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654770)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654770/; classtype:trojan-activity;sid:84517870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654771/; classtype:trojan-activity;sid:84517871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654772)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654772/; classtype:trojan-activity;sid:84517872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654773/; classtype:trojan-activity;sid:84517873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654768)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654768/; classtype:trojan-activity;sid:84517868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654767)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654767/; classtype:trojan-activity;sid:84517867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654766/; classtype:trojan-activity;sid:84517866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654765)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654765/; classtype:trojan-activity;sid:84517865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654763)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654763/; classtype:trojan-activity;sid:84517863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654762/; classtype:trojan-activity;sid:84517862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654761)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654761/; classtype:trojan-activity;sid:84517861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654760/; classtype:trojan-activity;sid:84517860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654758)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654758/; classtype:trojan-activity;sid:84517858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654757)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654757/; classtype:trojan-activity;sid:84517857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654756/; classtype:trojan-activity;sid:84517856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654755)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654755/; classtype:trojan-activity;sid:84517855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654753/; classtype:trojan-activity;sid:84517853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654751)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654751/; classtype:trojan-activity;sid:84517851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654750/; classtype:trojan-activity;sid:84517850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654748)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654748/; classtype:trojan-activity;sid:84517848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654747)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654747/; classtype:trojan-activity;sid:84517847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654746)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654746/; classtype:trojan-activity;sid:84517846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654743)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654743/; classtype:trojan-activity;sid:84517843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654745/; classtype:trojan-activity;sid:84517845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654742)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654742/; classtype:trojan-activity;sid:84517842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654740)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654740/; classtype:trojan-activity;sid:84517840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654738)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654738/; classtype:trojan-activity;sid:84517838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654736)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654736/; classtype:trojan-activity;sid:84517836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654734)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654734/; classtype:trojan-activity;sid:84517834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654732/; classtype:trojan-activity;sid:84517832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654731)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654731/; classtype:trojan-activity;sid:84517831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654729/; classtype:trojan-activity;sid:84517829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654730/; classtype:trojan-activity;sid:84517830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654728/; classtype:trojan-activity;sid:84517828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654725)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654725/; classtype:trojan-activity;sid:84517825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654726/; classtype:trojan-activity;sid:84517826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654721/; classtype:trojan-activity;sid:84517821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654720/; classtype:trojan-activity;sid:84517820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654719)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654719/; classtype:trojan-activity;sid:84517819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654718)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250416-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654718/; classtype:trojan-activity;sid:84517818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654717/; classtype:trojan-activity;sid:84517817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654716)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654716/; classtype:trojan-activity;sid:84517816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31082019084149/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654715/; classtype:trojan-activity;sid:84517815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654714/; classtype:trojan-activity;sid:84517814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654710)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654710/; classtype:trojan-activity;sid:84517810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654708)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654708/; classtype:trojan-activity;sid:84517808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654706/; classtype:trojan-activity;sid:84517806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654702)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654702/; classtype:trojan-activity;sid:84517802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654703/; classtype:trojan-activity;sid:84517803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654701/; classtype:trojan-activity;sid:84517801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654699)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654699/; classtype:trojan-activity;sid:84517799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654697/; classtype:trojan-activity;sid:84517797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654694/; classtype:trojan-activity;sid:84517794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654695/; classtype:trojan-activity;sid:84517795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654693/; classtype:trojan-activity;sid:84517793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654692/; classtype:trojan-activity;sid:84517792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654691)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654691/; classtype:trojan-activity;sid:84517791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654687/; classtype:trojan-activity;sid:84517787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654688/; classtype:trojan-activity;sid:84517788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654686/; classtype:trojan-activity;sid:84517786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654685)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241211-068/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654685/; classtype:trojan-activity;sid:84517785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654684/; classtype:trojan-activity;sid:84517784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654683)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654683/; classtype:trojan-activity;sid:84517783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654682/; classtype:trojan-activity;sid:84517782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654679)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654679/; classtype:trojan-activity;sid:84517779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654677/; classtype:trojan-activity;sid:84517777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654678/; classtype:trojan-activity;sid:84517778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654673)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654673/; classtype:trojan-activity;sid:84517773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654674/; classtype:trojan-activity;sid:84517774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654672/; classtype:trojan-activity;sid:84517772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654671/; classtype:trojan-activity;sid:84517771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654668/; classtype:trojan-activity;sid:84517768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/1033/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654670/; classtype:trojan-activity;sid:84517770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654665/; classtype:trojan-activity;sid:84517765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654663/; classtype:trojan-activity;sid:84517763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654662)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250718-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654662/; classtype:trojan-activity;sid:84517762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654661)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654661/; classtype:trojan-activity;sid:84517761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654659)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654659/; classtype:trojan-activity;sid:84517759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654658)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654658/; classtype:trojan-activity;sid:84517758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654657)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654657/; classtype:trojan-activity;sid:84517757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654655/; classtype:trojan-activity;sid:84517755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654652/; classtype:trojan-activity;sid:84517752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654653)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654653/; classtype:trojan-activity;sid:84517753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654654/; classtype:trojan-activity;sid:84517754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654651/; classtype:trojan-activity;sid:84517751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654649)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654649/; classtype:trojan-activity;sid:84517749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654647/; classtype:trojan-activity;sid:84517747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654643/; classtype:trojan-activity;sid:84517743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654642)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654642/; classtype:trojan-activity;sid:84517742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654641)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654641/; classtype:trojan-activity;sid:84517741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654640)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654640/; classtype:trojan-activity;sid:84517740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654638/; classtype:trojan-activity;sid:84517738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654634)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654634/; classtype:trojan-activity;sid:84517734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654632)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office64.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654632/; classtype:trojan-activity;sid:84517732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654629)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654629/; classtype:trojan-activity;sid:84517729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654630/; classtype:trojan-activity;sid:84517730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654626/; classtype:trojan-activity;sid:84517726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654625)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654625/; classtype:trojan-activity;sid:84517725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654621/; classtype:trojan-activity;sid:84517721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654622/; classtype:trojan-activity;sid:84517722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654619/; classtype:trojan-activity;sid:84517719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654620/; classtype:trojan-activity;sid:84517720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654618)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654618/; classtype:trojan-activity;sid:84517718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654615/; classtype:trojan-activity;sid:84517715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654610/; classtype:trojan-activity;sid:84517710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654611)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654611/; classtype:trojan-activity;sid:84517711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654612/; classtype:trojan-activity;sid:84517712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654609)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654609/; classtype:trojan-activity;sid:84517709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654608/; classtype:trojan-activity;sid:84517708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654606/; classtype:trojan-activity;sid:84517706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654604)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654604/; classtype:trojan-activity;sid:84517704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654600/; classtype:trojan-activity;sid:84517700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654599)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654599/; classtype:trojan-activity;sid:84517699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654596/; classtype:trojan-activity;sid:84517696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654595)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250717-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654595/; classtype:trojan-activity;sid:84517695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654593/; classtype:trojan-activity;sid:84517693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654592/; classtype:trojan-activity;sid:84517692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654590)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654590/; classtype:trojan-activity;sid:84517690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654591)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654591/; classtype:trojan-activity;sid:84517691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654588/; classtype:trojan-activity;sid:84517688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654589/; classtype:trojan-activity;sid:84517689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654582/; classtype:trojan-activity;sid:84517682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654583/; classtype:trojan-activity;sid:84517683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654581)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654581/; classtype:trojan-activity;sid:84517681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654579/; classtype:trojan-activity;sid:84517679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654577)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654577/; classtype:trojan-activity;sid:84517677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654575/; classtype:trojan-activity;sid:84517675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654574)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654574/; classtype:trojan-activity;sid:84517674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654573)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654573/; classtype:trojan-activity;sid:84517673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654571/; classtype:trojan-activity;sid:84517671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654570)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654570/; classtype:trojan-activity;sid:84517670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654568/; classtype:trojan-activity;sid:84517668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654567)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654567/; classtype:trojan-activity;sid:84517667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654565)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654565/; classtype:trojan-activity;sid:84517665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654566/; classtype:trojan-activity;sid:84517666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654562)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241113-091/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654562/; classtype:trojan-activity;sid:84517662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654560)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654560/; classtype:trojan-activity;sid:84517660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654558)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654558/; classtype:trojan-activity;sid:84517658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654557)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241114-115/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654557/; classtype:trojan-activity;sid:84517657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654556)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654556/; classtype:trojan-activity;sid:84517656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654555/; classtype:trojan-activity;sid:84517655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654553/; classtype:trojan-activity;sid:84517653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654551)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654551/; classtype:trojan-activity;sid:84517651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654549)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654549/; classtype:trojan-activity;sid:84517649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654548/; classtype:trojan-activity;sid:84517648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654547)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654547/; classtype:trojan-activity;sid:84517647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654546/; classtype:trojan-activity;sid:84517646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654543)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654543/; classtype:trojan-activity;sid:84517643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654545/; classtype:trojan-activity;sid:84517645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654541)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654541/; classtype:trojan-activity;sid:84517641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654539/; classtype:trojan-activity;sid:84517639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654538)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654538/; classtype:trojan-activity;sid:84517638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654536/; classtype:trojan-activity;sid:84517636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654537)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654537/; classtype:trojan-activity;sid:84517637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654533)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654533/; classtype:trojan-activity;sid:84517633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654534)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654534/; classtype:trojan-activity;sid:84517634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654531)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654531/; classtype:trojan-activity;sid:84517631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654530/; classtype:trojan-activity;sid:84517630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654529/; classtype:trojan-activity;sid:84517629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654528)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654528/; classtype:trojan-activity;sid:84517628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654526/; classtype:trojan-activity;sid:84517626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654525/; classtype:trojan-activity;sid:84517625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654522/; classtype:trojan-activity;sid:84517622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654519)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654519/; classtype:trojan-activity;sid:84517619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654517/; classtype:trojan-activity;sid:84517617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654518/; classtype:trojan-activity;sid:84517618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654513)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654513/; classtype:trojan-activity;sid:84517613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654514/; classtype:trojan-activity;sid:84517614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654511)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654511/; classtype:trojan-activity;sid:84517611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654510)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654510/; classtype:trojan-activity;sid:84517610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654509/; classtype:trojan-activity;sid:84517609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654508/; classtype:trojan-activity;sid:84517608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654507/; classtype:trojan-activity;sid:84517607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654506)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654506/; classtype:trojan-activity;sid:84517606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654504)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654504/; classtype:trojan-activity;sid:84517604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654499/; classtype:trojan-activity;sid:84517599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654500)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654500/; classtype:trojan-activity;sid:84517600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654501/; classtype:trojan-activity;sid:84517601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654502)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654502/; classtype:trojan-activity;sid:84517602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654503)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654503/; classtype:trojan-activity;sid:84517603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654498)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654498/; classtype:trojan-activity;sid:84517598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654494)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654494/; classtype:trojan-activity;sid:84517594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654495)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654495/; classtype:trojan-activity;sid:84517595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654496)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654496/; classtype:trojan-activity;sid:84517596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654497/; classtype:trojan-activity;sid:84517597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654493)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654493/; classtype:trojan-activity;sid:84517593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654491/; classtype:trojan-activity;sid:84517591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654490)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654490/; classtype:trojan-activity;sid:84517590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654488/; classtype:trojan-activity;sid:84517588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654489)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654489/; classtype:trojan-activity;sid:84517589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654486)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654486/; classtype:trojan-activity;sid:84517586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654487)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654487/; classtype:trojan-activity;sid:84517587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654483)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654483/; classtype:trojan-activity;sid:84517583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654484)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654484/; classtype:trojan-activity;sid:84517584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654481)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654481/; classtype:trojan-activity;sid:84517581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654478)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654478/; classtype:trojan-activity;sid:84517578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654477/; classtype:trojan-activity;sid:84517577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654475)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/2052/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654475/; classtype:trojan-activity;sid:84517575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654476)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654476/; classtype:trojan-activity;sid:84517576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654474)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654474/; classtype:trojan-activity;sid:84517574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654473)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654473/; classtype:trojan-activity;sid:84517573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654472)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654472/; classtype:trojan-activity;sid:84517572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654470)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654470/; classtype:trojan-activity;sid:84517570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654464)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.108.238.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654464/; classtype:trojan-activity;sid:84517564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654465)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654465/; classtype:trojan-activity;sid:84517565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654467)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654467/; classtype:trojan-activity;sid:84517567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654469)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654469/; classtype:trojan-activity;sid:84517569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654460/; classtype:trojan-activity;sid:84517560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654461)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654461/; classtype:trojan-activity;sid:84517561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654462)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654462/; classtype:trojan-activity;sid:84517562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654457)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654457/; classtype:trojan-activity;sid:84517557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654452)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654452/; classtype:trojan-activity;sid:84517552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654451)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654451/; classtype:trojan-activity;sid:84517551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654450)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654450/; classtype:trojan-activity;sid:84517550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654449)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654449/; classtype:trojan-activity;sid:84517549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654448/; classtype:trojan-activity;sid:84517548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654447/; classtype:trojan-activity;sid:84517547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654442)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654442/; classtype:trojan-activity;sid:84517542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654437)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654437/; classtype:trojan-activity;sid:84517537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654438)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654438/; classtype:trojan-activity;sid:84517538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654439)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654439/; classtype:trojan-activity;sid:84517539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654435)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654435/; classtype:trojan-activity;sid:84517535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654434/; classtype:trojan-activity;sid:84517534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654433/; classtype:trojan-activity;sid:84517533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654431)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654431/; classtype:trojan-activity;sid:84517531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654429/; classtype:trojan-activity;sid:84517529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654427)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654427/; classtype:trojan-activity;sid:84517527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654428/; classtype:trojan-activity;sid:84517528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654424)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654424/; classtype:trojan-activity;sid:84517524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654425)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654425/; classtype:trojan-activity;sid:84517525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654423)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654423/; classtype:trojan-activity;sid:84517523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654416)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654416/; classtype:trojan-activity;sid:84517516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654415)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654415/; classtype:trojan-activity;sid:84517515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654412)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654412/; classtype:trojan-activity;sid:84517512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654409)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654409/; classtype:trojan-activity;sid:84517509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654410)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654410/; classtype:trojan-activity;sid:84517510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654411)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654411/; classtype:trojan-activity;sid:84517511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654408/; classtype:trojan-activity;sid:84517508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654404)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654404/; classtype:trojan-activity;sid:84517504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654405)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654405/; classtype:trojan-activity;sid:84517505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654401/; classtype:trojan-activity;sid:84517501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654399)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654399/; classtype:trojan-activity;sid:84517499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654397)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/shared/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654397/; classtype:trojan-activity;sid:84517497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240425-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654395/; classtype:trojan-activity;sid:84517495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654392)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654392/; classtype:trojan-activity;sid:84517492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654390)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654390/; classtype:trojan-activity;sid:84517490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654391/; classtype:trojan-activity;sid:84517491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654387)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654387/; classtype:trojan-activity;sid:84517487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654388/; classtype:trojan-activity;sid:84517488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654385)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654385/; classtype:trojan-activity;sid:84517485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654383)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654383/; classtype:trojan-activity;sid:84517483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654384)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654384/; classtype:trojan-activity;sid:84517484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654381/; classtype:trojan-activity;sid:84517481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654380/; classtype:trojan-activity;sid:84517480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654378)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654378/; classtype:trojan-activity;sid:84517478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654375)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654375/; classtype:trojan-activity;sid:84517475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654376/; classtype:trojan-activity;sid:84517476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654377)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654377/; classtype:trojan-activity;sid:84517477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654372/; classtype:trojan-activity;sid:84517472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654373)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654373/; classtype:trojan-activity;sid:84517473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654371/; classtype:trojan-activity;sid:84517471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654365)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654365/; classtype:trojan-activity;sid:84517465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654364)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654364/; classtype:trojan-activity;sid:84517464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654362)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654362/; classtype:trojan-activity;sid:84517462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654361)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654361/; classtype:trojan-activity;sid:84517461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654359)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654359/; classtype:trojan-activity;sid:84517459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654357)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654357/; classtype:trojan-activity;sid:84517457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654356/; classtype:trojan-activity;sid:84517456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654355)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654355/; classtype:trojan-activity;sid:84517455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654354)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654354/; classtype:trojan-activity;sid:84517454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654353)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654353/; classtype:trojan-activity;sid:84517453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654351)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654351/; classtype:trojan-activity;sid:84517451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654352)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654352/; classtype:trojan-activity;sid:84517452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654349)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654349/; classtype:trojan-activity;sid:84517449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654347)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654347/; classtype:trojan-activity;sid:84517447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654345)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654345/; classtype:trojan-activity;sid:84517445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654342)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654342/; classtype:trojan-activity;sid:84517442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654341/; classtype:trojan-activity;sid:84517441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654340/; classtype:trojan-activity;sid:84517440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654338)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654338/; classtype:trojan-activity;sid:84517438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654339/; classtype:trojan-activity;sid:84517439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654336/; classtype:trojan-activity;sid:84517436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654337)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654337/; classtype:trojan-activity;sid:84517437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654334/; classtype:trojan-activity;sid:84517434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654333/; classtype:trojan-activity;sid:84517433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654332/; classtype:trojan-activity;sid:84517432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654331/; classtype:trojan-activity;sid:84517431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240521-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654327/; classtype:trojan-activity;sid:84517427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654326/; classtype:trojan-activity;sid:84517426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654324/; classtype:trojan-activity;sid:84517424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654325/; classtype:trojan-activity;sid:84517425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654322)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654322/; classtype:trojan-activity;sid:84517422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654321/; classtype:trojan-activity;sid:84517421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654320)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654320/; classtype:trojan-activity;sid:84517420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654318/; classtype:trojan-activity;sid:84517418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654317)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654317/; classtype:trojan-activity;sid:84517417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654316/; classtype:trojan-activity;sid:84517416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654314)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240830-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654314/; classtype:trojan-activity;sid:84517414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654311/; classtype:trojan-activity;sid:84517411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654309)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654309/; classtype:trojan-activity;sid:84517409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654308/; classtype:trojan-activity;sid:84517408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654304/; classtype:trojan-activity;sid:84517404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654303)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654303/; classtype:trojan-activity;sid:84517403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654302)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654302/; classtype:trojan-activity;sid:84517402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654299/; classtype:trojan-activity;sid:84517399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654298/; classtype:trojan-activity;sid:84517398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654297/; classtype:trojan-activity;sid:84517397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654292/; classtype:trojan-activity;sid:84517392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654293)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230317-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654293/; classtype:trojan-activity;sid:84517393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654288)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654288/; classtype:trojan-activity;sid:84517388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654289)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654289/; classtype:trojan-activity;sid:84517389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654285)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654285/; classtype:trojan-activity;sid:84517385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654284)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654284/; classtype:trojan-activity;sid:84517384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654283/; classtype:trojan-activity;sid:84517383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654279)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654279/; classtype:trojan-activity;sid:84517379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654280)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654280/; classtype:trojan-activity;sid:84517380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654277/; classtype:trojan-activity;sid:84517377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654276/; classtype:trojan-activity;sid:84517376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654275)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654275/; classtype:trojan-activity;sid:84517375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654272)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654272/; classtype:trojan-activity;sid:84517372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654270/; classtype:trojan-activity;sid:84517370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654268/; classtype:trojan-activity;sid:84517368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654267)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654267/; classtype:trojan-activity;sid:84517367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654266/; classtype:trojan-activity;sid:84517366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654264)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654264/; classtype:trojan-activity;sid:84517364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654261)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654261/; classtype:trojan-activity;sid:84517361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654259/; classtype:trojan-activity;sid:84517359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654258)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654258/; classtype:trojan-activity;sid:84517358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654257/; classtype:trojan-activity;sid:84517357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654256)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654256/; classtype:trojan-activity;sid:84517356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654255/; classtype:trojan-activity;sid:84517355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654252/; classtype:trojan-activity;sid:84517352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654253)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654253/; classtype:trojan-activity;sid:84517353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654250)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654250/; classtype:trojan-activity;sid:84517350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654246)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654246/; classtype:trojan-activity;sid:84517346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654247/; classtype:trojan-activity;sid:84517347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654244)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654244/; classtype:trojan-activity;sid:84517344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654243)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654243/; classtype:trojan-activity;sid:84517343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654242)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654242/; classtype:trojan-activity;sid:84517342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654241)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654241/; classtype:trojan-activity;sid:84517341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654239/; classtype:trojan-activity;sid:84517339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654237/; classtype:trojan-activity;sid:84517337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654235)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654235/; classtype:trojan-activity;sid:84517335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654234)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654234/; classtype:trojan-activity;sid:84517334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654233/; classtype:trojan-activity;sid:84517333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654230)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654230/; classtype:trojan-activity;sid:84517330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654229)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654229/; classtype:trojan-activity;sid:84517329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654225)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654225/; classtype:trojan-activity;sid:84517325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654226)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654226/; classtype:trojan-activity;sid:84517326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654221/; classtype:trojan-activity;sid:84517321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654222)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654222/; classtype:trojan-activity;sid:84517322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654223)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654223/; classtype:trojan-activity;sid:84517323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654218/; classtype:trojan-activity;sid:84517318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654219/; classtype:trojan-activity;sid:84517319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654220/; classtype:trojan-activity;sid:84517320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654215/; classtype:trojan-activity;sid:84517315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654216/; classtype:trojan-activity;sid:84517316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654213)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654213/; classtype:trojan-activity;sid:84517313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654208)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654208/; classtype:trojan-activity;sid:84517308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654209/; classtype:trojan-activity;sid:84517309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654205)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654205/; classtype:trojan-activity;sid:84517305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654203)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654203/; classtype:trojan-activity;sid:84517303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654204)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654204/; classtype:trojan-activity;sid:84517304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654201)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654201/; classtype:trojan-activity;sid:84517301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654202)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654202/; classtype:trojan-activity;sid:84517302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654200)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654200/; classtype:trojan-activity;sid:84517300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654197/; classtype:trojan-activity;sid:84517297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654194)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654194/; classtype:trojan-activity;sid:84517294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654192)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654192/; classtype:trojan-activity;sid:84517292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654193/; classtype:trojan-activity;sid:84517293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654187/; classtype:trojan-activity;sid:84517287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654183)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654183/; classtype:trojan-activity;sid:84517283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654185)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654185/; classtype:trojan-activity;sid:84517285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654181)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654181/; classtype:trojan-activity;sid:84517281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654177)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654177/; classtype:trojan-activity;sid:84517277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654167)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654167/; classtype:trojan-activity;sid:84517267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654165)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654165/; classtype:trojan-activity;sid:84517265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654161)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654161/; classtype:trojan-activity;sid:84517261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654153/; classtype:trojan-activity;sid:84517253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654154/; classtype:trojan-activity;sid:84517254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654155)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654155/; classtype:trojan-activity;sid:84517255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654152)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654152/; classtype:trojan-activity;sid:84517252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654151/; classtype:trojan-activity;sid:84517251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654150/; classtype:trojan-activity;sid:84517250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654149/; classtype:trojan-activity;sid:84517249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654148)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654148/; classtype:trojan-activity;sid:84517248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654146)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654146/; classtype:trojan-activity;sid:84517246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654147/; classtype:trojan-activity;sid:84517247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654145/; classtype:trojan-activity;sid:84517245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654144)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654144/; classtype:trojan-activity;sid:84517244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654143)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654143/; classtype:trojan-activity;sid:84517243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654141)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654141/; classtype:trojan-activity;sid:84517241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654139)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240828-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654139/; classtype:trojan-activity;sid:84517239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654140)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654140/; classtype:trojan-activity;sid:84517240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654137)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654137/; classtype:trojan-activity;sid:84517237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654134)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654134/; classtype:trojan-activity;sid:84517234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654133)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654133/; classtype:trojan-activity;sid:84517233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654126)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654126/; classtype:trojan-activity;sid:84517226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654127)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654127/; classtype:trojan-activity;sid:84517227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654122/; classtype:trojan-activity;sid:84517222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654123/; classtype:trojan-activity;sid:84517223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654121)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654121/; classtype:trojan-activity;sid:84517221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654120)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.190.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654120/; classtype:trojan-activity;sid:84517220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654119/; classtype:trojan-activity;sid:84517219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654118)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654118/; classtype:trojan-activity;sid:84517218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654116)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654116/; classtype:trojan-activity;sid:84517216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654117)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654117/; classtype:trojan-activity;sid:84517217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654113)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654113/; classtype:trojan-activity;sid:84517213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654114/; classtype:trojan-activity;sid:84517214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654110)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654110/; classtype:trojan-activity;sid:84517210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654108/; classtype:trojan-activity;sid:84517208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654109/; classtype:trojan-activity;sid:84517209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654103)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654103/; classtype:trojan-activity;sid:84517203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654104)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654104/; classtype:trojan-activity;sid:84517204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654105/; classtype:trojan-activity;sid:84517205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654107)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654107/; classtype:trojan-activity;sid:84517207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654101)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654101/; classtype:trojan-activity;sid:84517201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654100/; classtype:trojan-activity;sid:84517200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654098)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654098/; classtype:trojan-activity;sid:84517198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240807-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654099/; classtype:trojan-activity;sid:84517199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654097)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654097/; classtype:trojan-activity;sid:84517197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654095)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654095/; classtype:trojan-activity;sid:84517195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654096/; classtype:trojan-activity;sid:84517196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654093/; classtype:trojan-activity;sid:84517193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654091/; classtype:trojan-activity;sid:84517191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654089/; classtype:trojan-activity;sid:84517189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654090)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654090/; classtype:trojan-activity;sid:84517190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654088/; classtype:trojan-activity;sid:84517188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654087)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654087/; classtype:trojan-activity;sid:84517187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654085/; classtype:trojan-activity;sid:84517185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654083)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654083/; classtype:trojan-activity;sid:84517183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654082)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654082/; classtype:trojan-activity;sid:84517182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654081/; classtype:trojan-activity;sid:84517181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654080)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654080/; classtype:trojan-activity;sid:84517180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654079)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654079/; classtype:trojan-activity;sid:84517179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654078)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654078/; classtype:trojan-activity;sid:84517178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654077)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654077/; classtype:trojan-activity;sid:84517177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654076/; classtype:trojan-activity;sid:84517176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654073)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654073/; classtype:trojan-activity;sid:84517173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654074)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654074/; classtype:trojan-activity;sid:84517174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654070/; classtype:trojan-activity;sid:84517170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654071)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654071/; classtype:trojan-activity;sid:84517171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654069)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654069/; classtype:trojan-activity;sid:84517169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654068/; classtype:trojan-activity;sid:84517168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654067)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654067/; classtype:trojan-activity;sid:84517167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250305-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654066/; classtype:trojan-activity;sid:84517166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654065)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654065/; classtype:trojan-activity;sid:84517165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654059)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654059/; classtype:trojan-activity;sid:84517159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654062/; classtype:trojan-activity;sid:84517162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654058)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654058/; classtype:trojan-activity;sid:84517158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654055)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654055/; classtype:trojan-activity;sid:84517155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654057/; classtype:trojan-activity;sid:84517157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654053/; classtype:trojan-activity;sid:84517153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654054/; classtype:trojan-activity;sid:84517154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654052)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654052/; classtype:trojan-activity;sid:84517152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654051/; classtype:trojan-activity;sid:84517151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102019085104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654049/; classtype:trojan-activity;sid:84517149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654050)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654050/; classtype:trojan-activity;sid:84517150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654047)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654047/; classtype:trojan-activity;sid:84517147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654048)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654048/; classtype:trojan-activity;sid:84517148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654046/; classtype:trojan-activity;sid:84517146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654045)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230909-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654045/; classtype:trojan-activity;sid:84517145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654044)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654044/; classtype:trojan-activity;sid:84517144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654042/; classtype:trojan-activity;sid:84517142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654040)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654040/; classtype:trojan-activity;sid:84517140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654039)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654039/; classtype:trojan-activity;sid:84517139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654038)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654038/; classtype:trojan-activity;sid:84517138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654037)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654037/; classtype:trojan-activity;sid:84517137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654035/; classtype:trojan-activity;sid:84517135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240127-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654036/; classtype:trojan-activity;sid:84517136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654034/; classtype:trojan-activity;sid:84517134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654033/; classtype:trojan-activity;sid:84517133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654032)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654032/; classtype:trojan-activity;sid:84517132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654031)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654031/; classtype:trojan-activity;sid:84517131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654030/; classtype:trojan-activity;sid:84517130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654029)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654029/; classtype:trojan-activity;sid:84517129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654028)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250724-113/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654028/; classtype:trojan-activity;sid:84517128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654026)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654026/; classtype:trojan-activity;sid:84517126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654025/; classtype:trojan-activity;sid:84517125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654024/; classtype:trojan-activity;sid:84517124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654023/; classtype:trojan-activity;sid:84517123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654022)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654022/; classtype:trojan-activity;sid:84517122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654021/; classtype:trojan-activity;sid:84517121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654019/; classtype:trojan-activity;sid:84517119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654020)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654020/; classtype:trojan-activity;sid:84517120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654018)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654018/; classtype:trojan-activity;sid:84517118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654015/; classtype:trojan-activity;sid:84517115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654014/; classtype:trojan-activity;sid:84517114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654012)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654012/; classtype:trojan-activity;sid:84517112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654013)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654013/; classtype:trojan-activity;sid:84517113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654011/; classtype:trojan-activity;sid:84517111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654010)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654010/; classtype:trojan-activity;sid:84517110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654009/; classtype:trojan-activity;sid:84517109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654007)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654007/; classtype:trojan-activity;sid:84517107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654008)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654008/; classtype:trojan-activity;sid:84517108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250701-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654006/; classtype:trojan-activity;sid:84517106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654005/; classtype:trojan-activity;sid:84517105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654003/; classtype:trojan-activity;sid:84517103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654002/; classtype:trojan-activity;sid:84517102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654001/; classtype:trojan-activity;sid:84517101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654000)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654000/; classtype:trojan-activity;sid:84517100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653999)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653999/; classtype:trojan-activity;sid:84517099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653998)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653998/; classtype:trojan-activity;sid:84517098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653997/; classtype:trojan-activity;sid:84517097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653994)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653994/; classtype:trojan-activity;sid:84517094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653995)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653995/; classtype:trojan-activity;sid:84517095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653996/; classtype:trojan-activity;sid:84517096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653992/; classtype:trojan-activity;sid:84517092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653991)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653991/; classtype:trojan-activity;sid:84517091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653990/; classtype:trojan-activity;sid:84517090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653988/; classtype:trojan-activity;sid:84517088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653986)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653986/; classtype:trojan-activity;sid:84517086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653985/; classtype:trojan-activity;sid:84517085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653982)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653982/; classtype:trojan-activity;sid:84517082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653983/; classtype:trojan-activity;sid:84517083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653981)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653981/; classtype:trojan-activity;sid:84517081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653980)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653980/; classtype:trojan-activity;sid:84517080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653979/; classtype:trojan-activity;sid:84517079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653978)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653978/; classtype:trojan-activity;sid:84517078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653977)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653977/; classtype:trojan-activity;sid:84517077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653976)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653976/; classtype:trojan-activity;sid:84517076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653973)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653973/; classtype:trojan-activity;sid:84517073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653972/; classtype:trojan-activity;sid:84517072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653967)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653967/; classtype:trojan-activity;sid:84517067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653968)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653968/; classtype:trojan-activity;sid:84517068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653965/; classtype:trojan-activity;sid:84517065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653966/; classtype:trojan-activity;sid:84517066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653964)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653964/; classtype:trojan-activity;sid:84517064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653963)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653963/; classtype:trojan-activity;sid:84517063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653961)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653961/; classtype:trojan-activity;sid:84517061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653962/; classtype:trojan-activity;sid:84517062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653958/; classtype:trojan-activity;sid:84517058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653956/; classtype:trojan-activity;sid:84517056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653957)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653957/; classtype:trojan-activity;sid:84517057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653955/; classtype:trojan-activity;sid:84517055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653953/; classtype:trojan-activity;sid:84517053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653954)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653954/; classtype:trojan-activity;sid:84517054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653949)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653949/; classtype:trojan-activity;sid:84517049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653948/; classtype:trojan-activity;sid:84517048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653947)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653947/; classtype:trojan-activity;sid:84517047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653945/; classtype:trojan-activity;sid:84517045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653944)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653944/; classtype:trojan-activity;sid:84517044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653941)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653941/; classtype:trojan-activity;sid:84517041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653943/; classtype:trojan-activity;sid:84517043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653939)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653939/; classtype:trojan-activity;sid:84517039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x86/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653940/; classtype:trojan-activity;sid:84517040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653938/; classtype:trojan-activity;sid:84517038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653936)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653936/; classtype:trojan-activity;sid:84517036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653933/; classtype:trojan-activity;sid:84517033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653930)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653930/; classtype:trojan-activity;sid:84517030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653929)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653929/; classtype:trojan-activity;sid:84517029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653926)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653926/; classtype:trojan-activity;sid:84517026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653927)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653927/; classtype:trojan-activity;sid:84517027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653928/; classtype:trojan-activity;sid:84517028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/2052/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653925/; classtype:trojan-activity;sid:84517025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653924)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653924/; classtype:trojan-activity;sid:84517024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653922/; classtype:trojan-activity;sid:84517022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653920/; classtype:trojan-activity;sid:84517020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653917/; classtype:trojan-activity;sid:84517017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653918/; classtype:trojan-activity;sid:84517018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653915/; classtype:trojan-activity;sid:84517015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653916)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653916/; classtype:trojan-activity;sid:84517016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653914/; classtype:trojan-activity;sid:84517014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653913/; classtype:trojan-activity;sid:84517013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653911/; classtype:trojan-activity;sid:84517011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653912/; classtype:trojan-activity;sid:84517012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653908/; classtype:trojan-activity;sid:84517008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653909/; classtype:trojan-activity;sid:84517009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653905)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653905/; classtype:trojan-activity;sid:84517005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653904)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653904/; classtype:trojan-activity;sid:84517004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653903)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653903/; classtype:trojan-activity;sid:84517003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653901/; classtype:trojan-activity;sid:84517001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653900/; classtype:trojan-activity;sid:84517000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653898/; classtype:trojan-activity;sid:84516998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653896)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653896/; classtype:trojan-activity;sid:84516996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653895)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653895/; classtype:trojan-activity;sid:84516995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653892/; classtype:trojan-activity;sid:84516992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653893/; classtype:trojan-activity;sid:84516993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653891)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653891/; classtype:trojan-activity;sid:84516991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653890/; classtype:trojan-activity;sid:84516990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653889/; classtype:trojan-activity;sid:84516989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653888)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653888/; classtype:trojan-activity;sid:84516988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240724-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653887/; classtype:trojan-activity;sid:84516987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653885/; classtype:trojan-activity;sid:84516985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653882/; classtype:trojan-activity;sid:84516982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653884)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653884/; classtype:trojan-activity;sid:84516984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653881)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653881/; classtype:trojan-activity;sid:84516981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653878)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653878/; classtype:trojan-activity;sid:84516978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653875/; classtype:trojan-activity;sid:84516975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653874)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653874/; classtype:trojan-activity;sid:84516974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653871)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653871/; classtype:trojan-activity;sid:84516971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653872/; classtype:trojan-activity;sid:84516972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653869)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653869/; classtype:trojan-activity;sid:84516969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653870)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653870/; classtype:trojan-activity;sid:84516970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653867)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653867/; classtype:trojan-activity;sid:84516967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653864/; classtype:trojan-activity;sid:84516964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653865)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653865/; classtype:trojan-activity;sid:84516965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653863/; classtype:trojan-activity;sid:84516963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653862/; classtype:trojan-activity;sid:84516962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653861/; classtype:trojan-activity;sid:84516961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653859)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653859/; classtype:trojan-activity;sid:84516959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231206-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653860/; classtype:trojan-activity;sid:84516960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653858/; classtype:trojan-activity;sid:84516958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653857/; classtype:trojan-activity;sid:84516957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653856/; classtype:trojan-activity;sid:84516956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653855)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/watson/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653855/; classtype:trojan-activity;sid:84516955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653854)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.200.95.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653854/; classtype:trojan-activity;sid:84516954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653853)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653853/; classtype:trojan-activity;sid:84516953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653851)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653851/; classtype:trojan-activity;sid:84516951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653848)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653848/; classtype:trojan-activity;sid:84516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653849/; classtype:trojan-activity;sid:84516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653847/; classtype:trojan-activity;sid:84516947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653842/; classtype:trojan-activity;sid:84516942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653844)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653844/; classtype:trojan-activity;sid:84516944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653841/; classtype:trojan-activity;sid:84516941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653840)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653840/; classtype:trojan-activity;sid:84516940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653839/; classtype:trojan-activity;sid:84516939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653837)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/bjgl.pbd/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653837/; classtype:trojan-activity;sid:84516937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653836/; classtype:trojan-activity;sid:84516936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653834)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653834/; classtype:trojan-activity;sid:84516934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653833/; classtype:trojan-activity;sid:84516933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653832/; classtype:trojan-activity;sid:84516932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653831/; classtype:trojan-activity;sid:84516931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653830/; classtype:trojan-activity;sid:84516930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653829)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653829/; classtype:trojan-activity;sid:84516929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653828/; classtype:trojan-activity;sid:84516928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653827)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653827/; classtype:trojan-activity;sid:84516927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653826/; classtype:trojan-activity;sid:84516926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653824)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653824/; classtype:trojan-activity;sid:84516924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653825)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653825/; classtype:trojan-activity;sid:84516925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653823/; classtype:trojan-activity;sid:84516923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653822/; classtype:trojan-activity;sid:84516922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653820)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pdffactory_pro_setup/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653820/; classtype:trojan-activity;sid:84516920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653818/; classtype:trojan-activity;sid:84516918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653819/; classtype:trojan-activity;sid:84516919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653815/; classtype:trojan-activity;sid:84516915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653814)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.239.7.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653814/; classtype:trojan-activity;sid:84516914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653813)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653813/; classtype:trojan-activity;sid:84516913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653809/; classtype:trojan-activity;sid:84516909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653806/; classtype:trojan-activity;sid:84516906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653804/; classtype:trojan-activity;sid:84516904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653805/; classtype:trojan-activity;sid:84516905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653803)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653803/; classtype:trojan-activity;sid:84516903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653802)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653802/; classtype:trojan-activity;sid:84516902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653799/; classtype:trojan-activity;sid:84516899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653800/; classtype:trojan-activity;sid:84516900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653796/; classtype:trojan-activity;sid:84516896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653798)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653798/; classtype:trojan-activity;sid:84516898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653794/; classtype:trojan-activity;sid:84516894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250630-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653795/; classtype:trojan-activity;sid:84516895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653792/; classtype:trojan-activity;sid:84516892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653793)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653793/; classtype:trojan-activity;sid:84516893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653791)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653791/; classtype:trojan-activity;sid:84516891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653790/; classtype:trojan-activity;sid:84516890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653788)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653788/; classtype:trojan-activity;sid:84516888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653784)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653784/; classtype:trojan-activity;sid:84516884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653785/; classtype:trojan-activity;sid:84516885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653786)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653786/; classtype:trojan-activity;sid:84516886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653783/; classtype:trojan-activity;sid:84516883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653782/; classtype:trojan-activity;sid:84516882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653781)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653781/; classtype:trojan-activity;sid:84516881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653780/; classtype:trojan-activity;sid:84516880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653777)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653777/; classtype:trojan-activity;sid:84516877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653778/; classtype:trojan-activity;sid:84516878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653775/; classtype:trojan-activity;sid:84516875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653774/; classtype:trojan-activity;sid:84516874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653772)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653772/; classtype:trojan-activity;sid:84516872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653768)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653768/; classtype:trojan-activity;sid:84516868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653769)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241219-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653769/; classtype:trojan-activity;sid:84516869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653770)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653770/; classtype:trojan-activity;sid:84516870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653767/; classtype:trojan-activity;sid:84516867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653763)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653763/; classtype:trojan-activity;sid:84516863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653764)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653764/; classtype:trojan-activity;sid:84516864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653761/; classtype:trojan-activity;sid:84516861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653759)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653759/; classtype:trojan-activity;sid:84516859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653760)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653760/; classtype:trojan-activity;sid:84516860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653758/; classtype:trojan-activity;sid:84516858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653756)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653756/; classtype:trojan-activity;sid:84516856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653755)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653755/; classtype:trojan-activity;sid:84516855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653752)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653752/; classtype:trojan-activity;sid:84516852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653753/; classtype:trojan-activity;sid:84516853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653751/; classtype:trojan-activity;sid:84516851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653749)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653749/; classtype:trojan-activity;sid:84516849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653748/; classtype:trojan-activity;sid:84516848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653747)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653747/; classtype:trojan-activity;sid:84516847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653746/; classtype:trojan-activity;sid:84516846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653745)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653745/; classtype:trojan-activity;sid:84516845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653744/; classtype:trojan-activity;sid:84516844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653743/; classtype:trojan-activity;sid:84516843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653742)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653742/; classtype:trojan-activity;sid:84516842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653741/; classtype:trojan-activity;sid:84516841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tx/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653740/; classtype:trojan-activity;sid:84516840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653739)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653739/; classtype:trojan-activity;sid:84516839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653737/; classtype:trojan-activity;sid:84516837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653738/; classtype:trojan-activity;sid:84516838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653735/; classtype:trojan-activity;sid:84516835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653734/; classtype:trojan-activity;sid:84516834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653733)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653733/; classtype:trojan-activity;sid:84516833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653732/; classtype:trojan-activity;sid:84516832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653730/; classtype:trojan-activity;sid:84516830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653729/; classtype:trojan-activity;sid:84516829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653728/; classtype:trojan-activity;sid:84516828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653725/; classtype:trojan-activity;sid:84516825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653724)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653724/; classtype:trojan-activity;sid:84516824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653720/; classtype:trojan-activity;sid:84516820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653721)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653721/; classtype:trojan-activity;sid:84516821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653719)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653719/; classtype:trojan-activity;sid:84516819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653717)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653717/; classtype:trojan-activity;sid:84516817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653716)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653716/; classtype:trojan-activity;sid:84516816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653715)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653715/; classtype:trojan-activity;sid:84516815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653713/; classtype:trojan-activity;sid:84516813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653714/; classtype:trojan-activity;sid:84516814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653712)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653712/; classtype:trojan-activity;sid:84516812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653709/; classtype:trojan-activity;sid:84516809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653708/; classtype:trojan-activity;sid:84516808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653707/; classtype:trojan-activity;sid:84516807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653705)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653705/; classtype:trojan-activity;sid:84516805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653706)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653706/; classtype:trojan-activity;sid:84516806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653704/; classtype:trojan-activity;sid:84516804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653703/; classtype:trojan-activity;sid:84516803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653702/; classtype:trojan-activity;sid:84516802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653701/; classtype:trojan-activity;sid:84516801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653698)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653698/; classtype:trojan-activity;sid:84516798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653697/; classtype:trojan-activity;sid:84516797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653696/; classtype:trojan-activity;sid:84516796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653695/; classtype:trojan-activity;sid:84516795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653694/; classtype:trojan-activity;sid:84516794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653693/; classtype:trojan-activity;sid:84516793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653690/; classtype:trojan-activity;sid:84516790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653686)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653686/; classtype:trojan-activity;sid:84516786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653687/; classtype:trojan-activity;sid:84516787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653685/; classtype:trojan-activity;sid:84516785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653684/; classtype:trojan-activity;sid:84516784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653681/; classtype:trojan-activity;sid:84516781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653682)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653682/; classtype:trojan-activity;sid:84516782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653680)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653680/; classtype:trojan-activity;sid:84516780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653679)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653679/; classtype:trojan-activity;sid:84516779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653676)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653676/; classtype:trojan-activity;sid:84516776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653675/; classtype:trojan-activity;sid:84516775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653674)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653674/; classtype:trojan-activity;sid:84516774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653672)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653672/; classtype:trojan-activity;sid:84516772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653670/; classtype:trojan-activity;sid:84516770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653671/; classtype:trojan-activity;sid:84516771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653669)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653669/; classtype:trojan-activity;sid:84516769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653664)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653664/; classtype:trojan-activity;sid:84516764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653665/; classtype:trojan-activity;sid:84516765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653666/; classtype:trojan-activity;sid:84516766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653662/; classtype:trojan-activity;sid:84516762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653663)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653663/; classtype:trojan-activity;sid:84516763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653661/; classtype:trojan-activity;sid:84516761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653660)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653660/; classtype:trojan-activity;sid:84516760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653659)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653659/; classtype:trojan-activity;sid:84516759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653656)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653656/; classtype:trojan-activity;sid:84516756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653658/; classtype:trojan-activity;sid:84516758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653655)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653655/; classtype:trojan-activity;sid:84516755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653653)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653653/; classtype:trojan-activity;sid:84516753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653654/; classtype:trojan-activity;sid:84516754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653649/; classtype:trojan-activity;sid:84516749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653650/; classtype:trojan-activity;sid:84516750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653652)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653652/; classtype:trojan-activity;sid:84516752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653647/; classtype:trojan-activity;sid:84516747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653648/; classtype:trojan-activity;sid:84516748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653644/; classtype:trojan-activity;sid:84516744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653645)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653645/; classtype:trojan-activity;sid:84516745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653640/; classtype:trojan-activity;sid:84516740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653636/; classtype:trojan-activity;sid:84516736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653637)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653637/; classtype:trojan-activity;sid:84516737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653638/; classtype:trojan-activity;sid:84516738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653634/; classtype:trojan-activity;sid:84516734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653632)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653632/; classtype:trojan-activity;sid:84516732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653629)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653629/; classtype:trojan-activity;sid:84516729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653627)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653627/; classtype:trojan-activity;sid:84516727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.38.185.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653628/; classtype:trojan-activity;sid:84516728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653620/; classtype:trojan-activity;sid:84516720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653621)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653621/; classtype:trojan-activity;sid:84516721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653622)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653622/; classtype:trojan-activity;sid:84516722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653615/; classtype:trojan-activity;sid:84516715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653616/; classtype:trojan-activity;sid:84516716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653613/; classtype:trojan-activity;sid:84516713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653614/; classtype:trojan-activity;sid:84516714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653610)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.228.75.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653610/; classtype:trojan-activity;sid:84516710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653611)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653611/; classtype:trojan-activity;sid:84516711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653612)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653612/; classtype:trojan-activity;sid:84516712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653606/; classtype:trojan-activity;sid:84516706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653607)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653607/; classtype:trojan-activity;sid:84516707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653605/; classtype:trojan-activity;sid:84516705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653603/; classtype:trojan-activity;sid:84516703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653602/; classtype:trojan-activity;sid:84516702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653599/; classtype:trojan-activity;sid:84516699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653600)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653600/; classtype:trojan-activity;sid:84516700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653598/; classtype:trojan-activity;sid:84516698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250421-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653597/; classtype:trojan-activity;sid:84516697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653596/; classtype:trojan-activity;sid:84516696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653595/; classtype:trojan-activity;sid:84516695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653594)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653594/; classtype:trojan-activity;sid:84516694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653593/; classtype:trojan-activity;sid:84516693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653592/; classtype:trojan-activity;sid:84516692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653589)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653589/; classtype:trojan-activity;sid:84516689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653588)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653588/; classtype:trojan-activity;sid:84516688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653586/; classtype:trojan-activity;sid:84516686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653585/; classtype:trojan-activity;sid:84516685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653584/; classtype:trojan-activity;sid:84516684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653580)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653580/; classtype:trojan-activity;sid:84516680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653581)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653581/; classtype:trojan-activity;sid:84516681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653582)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653582/; classtype:trojan-activity;sid:84516682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653579)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653579/; classtype:trojan-activity;sid:84516679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653578/; classtype:trojan-activity;sid:84516678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653577/; classtype:trojan-activity;sid:84516677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653576/; classtype:trojan-activity;sid:84516676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653575)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653575/; classtype:trojan-activity;sid:84516675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653573)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653573/; classtype:trojan-activity;sid:84516673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653574/; classtype:trojan-activity;sid:84516674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241007-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653571/; classtype:trojan-activity;sid:84516671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653572/; classtype:trojan-activity;sid:84516672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653570)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653570/; classtype:trojan-activity;sid:84516670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653569/; classtype:trojan-activity;sid:84516669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653567)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241008-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653567/; classtype:trojan-activity;sid:84516667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653568)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653568/; classtype:trojan-activity;sid:84516668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653566)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653566/; classtype:trojan-activity;sid:84516666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653565)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653565/; classtype:trojan-activity;sid:84516665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653564)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653564/; classtype:trojan-activity;sid:84516664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653563/; classtype:trojan-activity;sid:84516663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653562)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653562/; classtype:trojan-activity;sid:84516662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653560)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653560/; classtype:trojan-activity;sid:84516660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653561)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250616-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653561/; classtype:trojan-activity;sid:84516661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653559/; classtype:trojan-activity;sid:84516659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653558)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653558/; classtype:trojan-activity;sid:84516658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653556)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653556/; classtype:trojan-activity;sid:84516656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653557)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653557/; classtype:trojan-activity;sid:84516657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653555/; classtype:trojan-activity;sid:84516655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653554)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653554/; classtype:trojan-activity;sid:84516654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653553)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653553/; classtype:trojan-activity;sid:84516653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653551)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653551/; classtype:trojan-activity;sid:84516651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653552)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653552/; classtype:trojan-activity;sid:84516652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653550/; classtype:trojan-activity;sid:84516650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653548/; classtype:trojan-activity;sid:84516648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653547/; classtype:trojan-activity;sid:84516647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653546/; classtype:trojan-activity;sid:84516646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241130-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653544/; classtype:trojan-activity;sid:84516644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653545/; classtype:trojan-activity;sid:84516645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653543/; classtype:trojan-activity;sid:84516643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653538)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653538/; classtype:trojan-activity;sid:84516638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653539)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653539/; classtype:trojan-activity;sid:84516639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653540/; classtype:trojan-activity;sid:84516640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653537/; classtype:trojan-activity;sid:84516637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653536/; classtype:trojan-activity;sid:84516636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653532)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653532/; classtype:trojan-activity;sid:84516632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653533/; classtype:trojan-activity;sid:84516633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653530/; classtype:trojan-activity;sid:84516630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653531/; classtype:trojan-activity;sid:84516631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653529)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653529/; classtype:trojan-activity;sid:84516629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653528/; classtype:trojan-activity;sid:84516628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653525/; classtype:trojan-activity;sid:84516625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653526/; classtype:trojan-activity;sid:84516626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653523/; classtype:trojan-activity;sid:84516623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653522/; classtype:trojan-activity;sid:84516622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653521)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653521/; classtype:trojan-activity;sid:84516621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653519)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653519/; classtype:trojan-activity;sid:84516619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653518/; classtype:trojan-activity;sid:84516618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653517/; classtype:trojan-activity;sid:84516617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653515)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653515/; classtype:trojan-activity;sid:84516615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653514/; classtype:trojan-activity;sid:84516614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653513)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653513/; classtype:trojan-activity;sid:84516613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653509/; classtype:trojan-activity;sid:84516609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653510)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653510/; classtype:trojan-activity;sid:84516610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653511)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653511/; classtype:trojan-activity;sid:84516611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653506/; classtype:trojan-activity;sid:84516606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653507)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653507/; classtype:trojan-activity;sid:84516607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653508/; classtype:trojan-activity;sid:84516608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653505/; classtype:trojan-activity;sid:84516605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653504/; classtype:trojan-activity;sid:84516604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653503)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653503/; classtype:trojan-activity;sid:84516603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653502/; classtype:trojan-activity;sid:84516602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653500/; classtype:trojan-activity;sid:84516600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653501)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653501/; classtype:trojan-activity;sid:84516601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653497/; classtype:trojan-activity;sid:84516597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653496)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653496/; classtype:trojan-activity;sid:84516596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653495/; classtype:trojan-activity;sid:84516595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653494/; classtype:trojan-activity;sid:84516594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653493)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653493/; classtype:trojan-activity;sid:84516593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653492/; classtype:trojan-activity;sid:84516592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653490)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653490/; classtype:trojan-activity;sid:84516590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653489/; classtype:trojan-activity;sid:84516589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653487/; classtype:trojan-activity;sid:84516587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653486)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653486/; classtype:trojan-activity;sid:84516586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653485/; classtype:trojan-activity;sid:84516585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653484)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653484/; classtype:trojan-activity;sid:84516584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653482/; classtype:trojan-activity;sid:84516582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653481)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653481/; classtype:trojan-activity;sid:84516581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653480)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653480/; classtype:trojan-activity;sid:84516580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653479/; classtype:trojan-activity;sid:84516579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653478)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653478/; classtype:trojan-activity;sid:84516578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653477)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653477/; classtype:trojan-activity;sid:84516577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653476)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250110-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653476/; classtype:trojan-activity;sid:84516576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653474)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653474/; classtype:trojan-activity;sid:84516574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653473/; classtype:trojan-activity;sid:84516573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653470)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653470/; classtype:trojan-activity;sid:84516570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653471)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653471/; classtype:trojan-activity;sid:84516571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653468)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653468/; classtype:trojan-activity;sid:84516568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653469/; classtype:trojan-activity;sid:84516569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653467)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653467/; classtype:trojan-activity;sid:84516567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653465/; classtype:trojan-activity;sid:84516565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653466/; classtype:trojan-activity;sid:84516566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653464/; classtype:trojan-activity;sid:84516564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653463)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653463/; classtype:trojan-activity;sid:84516563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653460/; classtype:trojan-activity;sid:84516560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653461)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653461/; classtype:trojan-activity;sid:84516561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653462)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653462/; classtype:trojan-activity;sid:84516562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653459)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653459/; classtype:trojan-activity;sid:84516559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653457)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653457/; classtype:trojan-activity;sid:84516557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653454)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653454/; classtype:trojan-activity;sid:84516554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653455)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653455/; classtype:trojan-activity;sid:84516555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653456)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241019-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653456/; classtype:trojan-activity;sid:84516556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653451)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653451/; classtype:trojan-activity;sid:84516551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653452)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653452/; classtype:trojan-activity;sid:84516552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653450)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653450/; classtype:trojan-activity;sid:84516550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653448/; classtype:trojan-activity;sid:84516548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653449)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653449/; classtype:trojan-activity;sid:84516549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653445)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653445/; classtype:trojan-activity;sid:84516545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653446)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653446/; classtype:trojan-activity;sid:84516546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653447)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653447/; classtype:trojan-activity;sid:84516547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653444)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653444/; classtype:trojan-activity;sid:84516544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653443/; classtype:trojan-activity;sid:84516543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653442)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653442/; classtype:trojan-activity;sid:84516542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653440/; classtype:trojan-activity;sid:84516540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653441)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653441/; classtype:trojan-activity;sid:84516541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653438)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653438/; classtype:trojan-activity;sid:84516538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653435)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653435/; classtype:trojan-activity;sid:84516535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653436)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653436/; classtype:trojan-activity;sid:84516536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653437)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653437/; classtype:trojan-activity;sid:84516537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653434/; classtype:trojan-activity;sid:84516534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653431)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653431/; classtype:trojan-activity;sid:84516531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653433/; classtype:trojan-activity;sid:84516533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653428)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653428/; classtype:trojan-activity;sid:84516528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653429/; classtype:trojan-activity;sid:84516529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653430)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653430/; classtype:trojan-activity;sid:84516530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653426)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653426/; classtype:trojan-activity;sid:84516526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653425/; classtype:trojan-activity;sid:84516525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653422/; classtype:trojan-activity;sid:84516522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653423)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653423/; classtype:trojan-activity;sid:84516523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653424)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653424/; classtype:trojan-activity;sid:84516524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653419)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653419/; classtype:trojan-activity;sid:84516519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653420/; classtype:trojan-activity;sid:84516520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653421/; classtype:trojan-activity;sid:84516521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653416)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250331-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653416/; classtype:trojan-activity;sid:84516516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653418)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653418/; classtype:trojan-activity;sid:84516518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653415)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653415/; classtype:trojan-activity;sid:84516515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653412/; classtype:trojan-activity;sid:84516512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653413)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653413/; classtype:trojan-activity;sid:84516513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653414)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241105-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653414/; classtype:trojan-activity;sid:84516514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653411)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653411/; classtype:trojan-activity;sid:84516511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653409)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653409/; classtype:trojan-activity;sid:84516509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653410/; classtype:trojan-activity;sid:84516510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653408/; classtype:trojan-activity;sid:84516508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/scd/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653401/; classtype:trojan-activity;sid:84516501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653402)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653402/; classtype:trojan-activity;sid:84516502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653404/; classtype:trojan-activity;sid:84516504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653406)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653406/; classtype:trojan-activity;sid:84516506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653400/; classtype:trojan-activity;sid:84516500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653397)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653397/; classtype:trojan-activity;sid:84516497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653394)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653394/; classtype:trojan-activity;sid:84516494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653395/; classtype:trojan-activity;sid:84516495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653396/; classtype:trojan-activity;sid:84516496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653390)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653390/; classtype:trojan-activity;sid:84516490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653391/; classtype:trojan-activity;sid:84516491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653385/; classtype:trojan-activity;sid:84516485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653386)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653386/; classtype:trojan-activity;sid:84516486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653388)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653388/; classtype:trojan-activity;sid:84516488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653382)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653382/; classtype:trojan-activity;sid:84516482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653383/; classtype:trojan-activity;sid:84516483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653380/; classtype:trojan-activity;sid:84516480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653381/; classtype:trojan-activity;sid:84516481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653377)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653377/; classtype:trojan-activity;sid:84516477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653378)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653378/; classtype:trojan-activity;sid:84516478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653379)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653379/; classtype:trojan-activity;sid:84516479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653375)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241225-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653375/; classtype:trojan-activity;sid:84516475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653376/; classtype:trojan-activity;sid:84516476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653373)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653373/; classtype:trojan-activity;sid:84516473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653372)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241230-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653372/; classtype:trojan-activity;sid:84516472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653370/; classtype:trojan-activity;sid:84516470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653367)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653367/; classtype:trojan-activity;sid:84516467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653368)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/ylcgd/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653368/; classtype:trojan-activity;sid:84516468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653369)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653369/; classtype:trojan-activity;sid:84516469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653366/; classtype:trojan-activity;sid:84516466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653365/; classtype:trojan-activity;sid:84516465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653363/; classtype:trojan-activity;sid:84516463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653364)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653364/; classtype:trojan-activity;sid:84516464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653358)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653358/; classtype:trojan-activity;sid:84516458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653359)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653359/; classtype:trojan-activity;sid:84516459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653360)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653360/; classtype:trojan-activity;sid:84516460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653361)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653361/; classtype:trojan-activity;sid:84516461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653362)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653362/; classtype:trojan-activity;sid:84516462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653357)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653357/; classtype:trojan-activity;sid:84516457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653354)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653354/; classtype:trojan-activity;sid:84516454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653355)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653355/; classtype:trojan-activity;sid:84516455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653356)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653356/; classtype:trojan-activity;sid:84516456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653353)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653353/; classtype:trojan-activity;sid:84516453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653352/; classtype:trojan-activity;sid:84516452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653350/; classtype:trojan-activity;sid:84516450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653349/; classtype:trojan-activity;sid:84516449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653348)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653348/; classtype:trojan-activity;sid:84516448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653344)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653344/; classtype:trojan-activity;sid:84516444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653345)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653345/; classtype:trojan-activity;sid:84516445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653346/; classtype:trojan-activity;sid:84516446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653347/; classtype:trojan-activity;sid:84516447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653343/; classtype:trojan-activity;sid:84516443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653336)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653336/; classtype:trojan-activity;sid:84516436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653337)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653337/; classtype:trojan-activity;sid:84516437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653338)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653338/; classtype:trojan-activity;sid:84516438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653340)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653340/; classtype:trojan-activity;sid:84516440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653341)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653341/; classtype:trojan-activity;sid:84516441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653334/; classtype:trojan-activity;sid:84516434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653335)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653335/; classtype:trojan-activity;sid:84516435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653333/; classtype:trojan-activity;sid:84516433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653328)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653328/; classtype:trojan-activity;sid:84516428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653329)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653329/; classtype:trojan-activity;sid:84516429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653330)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653330/; classtype:trojan-activity;sid:84516430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653331)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653331/; classtype:trojan-activity;sid:84516431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653332/; classtype:trojan-activity;sid:84516432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653327/; classtype:trojan-activity;sid:84516427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653326)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653326/; classtype:trojan-activity;sid:84516426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653325/; classtype:trojan-activity;sid:84516425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653324)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653324/; classtype:trojan-activity;sid:84516424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653321)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653321/; classtype:trojan-activity;sid:84516421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653322)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653322/; classtype:trojan-activity;sid:84516422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653323/; classtype:trojan-activity;sid:84516423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653320/; classtype:trojan-activity;sid:84516420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250617-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653319/; classtype:trojan-activity;sid:84516419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653317)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653317/; classtype:trojan-activity;sid:84516417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653318)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653318/; classtype:trojan-activity;sid:84516418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-114/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653316/; classtype:trojan-activity;sid:84516416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653315)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653315/; classtype:trojan-activity;sid:84516415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653310/; classtype:trojan-activity;sid:84516410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653311/; classtype:trojan-activity;sid:84516411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653312)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653312/; classtype:trojan-activity;sid:84516412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653308)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653308/; classtype:trojan-activity;sid:84516408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653309)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653309/; classtype:trojan-activity;sid:84516409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653306)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653306/; classtype:trojan-activity;sid:84516406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653307)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653307/; classtype:trojan-activity;sid:84516407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653303/; classtype:trojan-activity;sid:84516403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653304/; classtype:trojan-activity;sid:84516404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653302/; classtype:trojan-activity;sid:84516402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653301/; classtype:trojan-activity;sid:84516401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653295)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653295/; classtype:trojan-activity;sid:84516395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653296)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653296/; classtype:trojan-activity;sid:84516396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653298/; classtype:trojan-activity;sid:84516398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653299/; classtype:trojan-activity;sid:84516399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653293/; classtype:trojan-activity;sid:84516393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653294)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653294/; classtype:trojan-activity;sid:84516394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653292)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653292/; classtype:trojan-activity;sid:84516392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653291)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230904-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653291/; classtype:trojan-activity;sid:84516391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653290/; classtype:trojan-activity;sid:84516390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653289/; classtype:trojan-activity;sid:84516389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653287/; classtype:trojan-activity;sid:84516387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653288/; classtype:trojan-activity;sid:84516388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653283)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653283/; classtype:trojan-activity;sid:84516383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653284/; classtype:trojan-activity;sid:84516384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653285)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653285/; classtype:trojan-activity;sid:84516385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653286)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653286/; classtype:trojan-activity;sid:84516386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653281/; classtype:trojan-activity;sid:84516381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653282)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653282/; classtype:trojan-activity;sid:84516382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653279/; classtype:trojan-activity;sid:84516379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653280)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653280/; classtype:trojan-activity;sid:84516380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653278/; classtype:trojan-activity;sid:84516378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653273)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653273/; classtype:trojan-activity;sid:84516373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653275)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653275/; classtype:trojan-activity;sid:84516375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250628-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653276/; classtype:trojan-activity;sid:84516376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240914-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653277/; classtype:trojan-activity;sid:84516377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653271/; classtype:trojan-activity;sid:84516371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653269)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653269/; classtype:trojan-activity;sid:84516369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653270)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653270/; classtype:trojan-activity;sid:84516370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653268)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653268/; classtype:trojan-activity;sid:84516368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653265)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653265/; classtype:trojan-activity;sid:84516365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653266/; classtype:trojan-activity;sid:84516366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653264/; classtype:trojan-activity;sid:84516364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653262)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653262/; classtype:trojan-activity;sid:84516362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653263)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-088/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653263/; classtype:trojan-activity;sid:84516363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653261)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653261/; classtype:trojan-activity;sid:84516361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653259)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653259/; classtype:trojan-activity;sid:84516359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653258/; classtype:trojan-activity;sid:84516358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653256)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653256/; classtype:trojan-activity;sid:84516356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653255)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653255/; classtype:trojan-activity;sid:84516355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653253)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653253/; classtype:trojan-activity;sid:84516353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653254)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/ia64/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653254/; classtype:trojan-activity;sid:84516354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653252/; classtype:trojan-activity;sid:84516352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653251/; classtype:trojan-activity;sid:84516351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653247/; classtype:trojan-activity;sid:84516347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653248/; classtype:trojan-activity;sid:84516348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653250/; classtype:trojan-activity;sid:84516350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250610-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653245/; classtype:trojan-activity;sid:84516345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653246)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653246/; classtype:trojan-activity;sid:84516346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653242)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653242/; classtype:trojan-activity;sid:84516342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653243/; classtype:trojan-activity;sid:84516343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653241)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240913-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653241/; classtype:trojan-activity;sid:84516341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653240)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653240/; classtype:trojan-activity;sid:84516340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653239)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653239/; classtype:trojan-activity;sid:84516339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653238/; classtype:trojan-activity;sid:84516338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653235)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653235/; classtype:trojan-activity;sid:84516335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653236)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653236/; classtype:trojan-activity;sid:84516336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653237)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653237/; classtype:trojan-activity;sid:84516337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653232)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653232/; classtype:trojan-activity;sid:84516332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653233)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653233/; classtype:trojan-activity;sid:84516333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653234/; classtype:trojan-activity;sid:84516334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653230)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653230/; classtype:trojan-activity;sid:84516330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653231)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653231/; classtype:trojan-activity;sid:84516331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653229/; classtype:trojan-activity;sid:84516329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653228/; classtype:trojan-activity;sid:84516328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653226/; classtype:trojan-activity;sid:84516326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653227)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653227/; classtype:trojan-activity;sid:84516327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653225)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241031-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653225/; classtype:trojan-activity;sid:84516325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653218)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653218/; classtype:trojan-activity;sid:84516318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653219/; classtype:trojan-activity;sid:84516319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653220/; classtype:trojan-activity;sid:84516320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653221/; classtype:trojan-activity;sid:84516321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653222)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653222/; classtype:trojan-activity;sid:84516322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653216)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653216/; classtype:trojan-activity;sid:84516316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653217)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653217/; classtype:trojan-activity;sid:84516317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653214)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653214/; classtype:trojan-activity;sid:84516314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653212/; classtype:trojan-activity;sid:84516312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653213)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653213/; classtype:trojan-activity;sid:84516313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653210)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653210/; classtype:trojan-activity;sid:84516310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653211)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653211/; classtype:trojan-activity;sid:84516311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653208/; classtype:trojan-activity;sid:84516308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653209)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653209/; classtype:trojan-activity;sid:84516309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653205/; classtype:trojan-activity;sid:84516305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653204/; classtype:trojan-activity;sid:84516304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653203)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653203/; classtype:trojan-activity;sid:84516303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653199)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653199/; classtype:trojan-activity;sid:84516299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653200)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653200/; classtype:trojan-activity;sid:84516300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653201)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653201/; classtype:trojan-activity;sid:84516301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653202/; classtype:trojan-activity;sid:84516302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653198/; classtype:trojan-activity;sid:84516298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653195)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653195/; classtype:trojan-activity;sid:84516295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653192)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241029-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653192/; classtype:trojan-activity;sid:84516292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653193)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653193/; classtype:trojan-activity;sid:84516293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653194)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653194/; classtype:trojan-activity;sid:84516294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653190)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231116-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653190/; classtype:trojan-activity;sid:84516290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653191)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653191/; classtype:trojan-activity;sid:84516291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653189)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653189/; classtype:trojan-activity;sid:84516289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653187)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653187/; classtype:trojan-activity;sid:84516287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653188)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653188/; classtype:trojan-activity;sid:84516288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653182/; classtype:trojan-activity;sid:84516282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653183/; classtype:trojan-activity;sid:84516283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653184/; classtype:trojan-activity;sid:84516284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653185)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653185/; classtype:trojan-activity;sid:84516285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653186/; classtype:trojan-activity;sid:84516286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653180)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653180/; classtype:trojan-activity;sid:84516280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653181)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653181/; classtype:trojan-activity;sid:84516281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653179/; classtype:trojan-activity;sid:84516279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653178/; classtype:trojan-activity;sid:84516278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653176/; classtype:trojan-activity;sid:84516276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653174)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250513-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653174/; classtype:trojan-activity;sid:84516274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653175/; classtype:trojan-activity;sid:84516275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653173/; classtype:trojan-activity;sid:84516273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653169/; classtype:trojan-activity;sid:84516269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653172/; classtype:trojan-activity;sid:84516272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653162)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653162/; classtype:trojan-activity;sid:84516262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653163/; classtype:trojan-activity;sid:84516263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653164)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653164/; classtype:trojan-activity;sid:84516264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653165/; classtype:trojan-activity;sid:84516265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653166/; classtype:trojan-activity;sid:84516266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653160/; classtype:trojan-activity;sid:84516260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653161/; classtype:trojan-activity;sid:84516261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653156/; classtype:trojan-activity;sid:84516256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653157)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653157/; classtype:trojan-activity;sid:84516257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653158/; classtype:trojan-activity;sid:84516258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653154/; classtype:trojan-activity;sid:84516254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653155/; classtype:trojan-activity;sid:84516255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653153/; classtype:trojan-activity;sid:84516253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653152/; classtype:trojan-activity;sid:84516252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653151/; classtype:trojan-activity;sid:84516251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653150/; classtype:trojan-activity;sid:84516250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653149/; classtype:trojan-activity;sid:84516249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653147/; classtype:trojan-activity;sid:84516247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653148/; classtype:trojan-activity;sid:84516248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653146)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653146/; classtype:trojan-activity;sid:84516246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653145/; classtype:trojan-activity;sid:84516245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653144/; classtype:trojan-activity;sid:84516244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653143/; classtype:trojan-activity;sid:84516243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653141)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240827-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653141/; classtype:trojan-activity;sid:84516241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653142)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653142/; classtype:trojan-activity;sid:84516242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653140/; classtype:trojan-activity;sid:84516240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653138)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x86/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653138/; classtype:trojan-activity;sid:84516238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653139)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653139/; classtype:trojan-activity;sid:84516239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653137/; classtype:trojan-activity;sid:84516237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653135)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653135/; classtype:trojan-activity;sid:84516235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653136/; classtype:trojan-activity;sid:84516236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653134)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653134/; classtype:trojan-activity;sid:84516234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653133)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653133/; classtype:trojan-activity;sid:84516233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653132/; classtype:trojan-activity;sid:84516232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653129/; classtype:trojan-activity;sid:84516229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653128)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sbillno/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653128/; classtype:trojan-activity;sid:84516228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653122)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653122/; classtype:trojan-activity;sid:84516222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653123)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241024-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653123/; classtype:trojan-activity;sid:84516223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653124)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653124/; classtype:trojan-activity;sid:84516224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653125)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653125/; classtype:trojan-activity;sid:84516225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653119)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653119/; classtype:trojan-activity;sid:84516219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653120)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653120/; classtype:trojan-activity;sid:84516220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653114/; classtype:trojan-activity;sid:84516214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653115)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653115/; classtype:trojan-activity;sid:84516215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653116/; classtype:trojan-activity;sid:84516216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653117)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/zh-chs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653117/; classtype:trojan-activity;sid:84516217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653112)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653112/; classtype:trojan-activity;sid:84516212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653113/; classtype:trojan-activity;sid:84516213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/2052/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653109/; classtype:trojan-activity;sid:84516209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653110)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653110/; classtype:trojan-activity;sid:84516210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653111/; classtype:trojan-activity;sid:84516211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653107/; classtype:trojan-activity;sid:84516207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653108)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250702-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653108/; classtype:trojan-activity;sid:84516208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653104/; classtype:trojan-activity;sid:84516204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653105)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653105/; classtype:trojan-activity;sid:84516205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/1033/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653102/; classtype:trojan-activity;sid:84516202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653103/; classtype:trojan-activity;sid:84516203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653100/; classtype:trojan-activity;sid:84516200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653099/; classtype:trojan-activity;sid:84516199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653097/; classtype:trojan-activity;sid:84516197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653098/; classtype:trojan-activity;sid:84516198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653095)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653095/; classtype:trojan-activity;sid:84516195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653096/; classtype:trojan-activity;sid:84516196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653094/; classtype:trojan-activity;sid:84516194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653092)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231008-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653092/; classtype:trojan-activity;sid:84516192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653090)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653090/; classtype:trojan-activity;sid:84516190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653087)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653087/; classtype:trojan-activity;sid:84516187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653088)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653088/; classtype:trojan-activity;sid:84516188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653089/; classtype:trojan-activity;sid:84516189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653084)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653084/; classtype:trojan-activity;sid:84516184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250626-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653085/; classtype:trojan-activity;sid:84516185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653086)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653086/; classtype:trojan-activity;sid:84516186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653082)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653082/; classtype:trojan-activity;sid:84516182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653081/; classtype:trojan-activity;sid:84516181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653080)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230712-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653080/; classtype:trojan-activity;sid:84516180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653079/; classtype:trojan-activity;sid:84516179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653078)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653078/; classtype:trojan-activity;sid:84516178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653077)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653077/; classtype:trojan-activity;sid:84516177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653074/; classtype:trojan-activity;sid:84516174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653071)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653071/; classtype:trojan-activity;sid:84516171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653072/; classtype:trojan-activity;sid:84516172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653070)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653070/; classtype:trojan-activity;sid:84516170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653069/; classtype:trojan-activity;sid:84516169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653067)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653067/; classtype:trojan-activity;sid:84516167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653068/; classtype:trojan-activity;sid:84516168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653066/; classtype:trojan-activity;sid:84516166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653064)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653064/; classtype:trojan-activity;sid:84516164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653060/; classtype:trojan-activity;sid:84516160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653061)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653061/; classtype:trojan-activity;sid:84516161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653062/; classtype:trojan-activity;sid:84516162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653063/; classtype:trojan-activity;sid:84516163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653057/; classtype:trojan-activity;sid:84516157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653056/; classtype:trojan-activity;sid:84516156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653054/; classtype:trojan-activity;sid:84516154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653050)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653050/; classtype:trojan-activity;sid:84516150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653051/; classtype:trojan-activity;sid:84516151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653052)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653052/; classtype:trojan-activity;sid:84516152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653047/; classtype:trojan-activity;sid:84516147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653048)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653048/; classtype:trojan-activity;sid:84516148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653049/; classtype:trojan-activity;sid:84516149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653046/; classtype:trojan-activity;sid:84516146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653044/; classtype:trojan-activity;sid:84516144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653043/; classtype:trojan-activity;sid:84516143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653041/; classtype:trojan-activity;sid:84516141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653042/; classtype:trojan-activity;sid:84516142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653036/; classtype:trojan-activity;sid:84516136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653037/; classtype:trojan-activity;sid:84516137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653038/; classtype:trojan-activity;sid:84516138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653033/; classtype:trojan-activity;sid:84516133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653034)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653034/; classtype:trojan-activity;sid:84516134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653035/; classtype:trojan-activity;sid:84516135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653032/; classtype:trojan-activity;sid:84516132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653027)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-165/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653027/; classtype:trojan-activity;sid:84516127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653028)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653028/; classtype:trojan-activity;sid:84516128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653029/; classtype:trojan-activity;sid:84516129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653025/; classtype:trojan-activity;sid:84516125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653026/; classtype:trojan-activity;sid:84516126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653024/; classtype:trojan-activity;sid:84516124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653016/; classtype:trojan-activity;sid:84516116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653019/; classtype:trojan-activity;sid:84516119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653020)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653020/; classtype:trojan-activity;sid:84516120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653021/; classtype:trojan-activity;sid:84516121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653013/; classtype:trojan-activity;sid:84516113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653014)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653014/; classtype:trojan-activity;sid:84516114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653015)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653015/; classtype:trojan-activity;sid:84516115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-02-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653011/; classtype:trojan-activity;sid:84516111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653012)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653012/; classtype:trojan-activity;sid:84516112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653009)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653009/; classtype:trojan-activity;sid:84516109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653010/; classtype:trojan-activity;sid:84516110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653007)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653007/; classtype:trojan-activity;sid:84516107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653006/; classtype:trojan-activity;sid:84516106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652999/; classtype:trojan-activity;sid:84516099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653000/; classtype:trojan-activity;sid:84516100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653001)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653001/; classtype:trojan-activity;sid:84516101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653002)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653002/; classtype:trojan-activity;sid:84516102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653003/; classtype:trojan-activity;sid:84516103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653004/; classtype:trojan-activity;sid:84516104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653005)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653005/; classtype:trojan-activity;sid:84516105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652998/; classtype:trojan-activity;sid:84516098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652997/; classtype:trojan-activity;sid:84516097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652996)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652996/; classtype:trojan-activity;sid:84516096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652995)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652995/; classtype:trojan-activity;sid:84516095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652992)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652992/; classtype:trojan-activity;sid:84516092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652993/; classtype:trojan-activity;sid:84516093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652994/; classtype:trojan-activity;sid:84516094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652990/; classtype:trojan-activity;sid:84516090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652991/; classtype:trojan-activity;sid:84516091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652988/; classtype:trojan-activity;sid:84516088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652989/; classtype:trojan-activity;sid:84516089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652985/; classtype:trojan-activity;sid:84516085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652986/; classtype:trojan-activity;sid:84516086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652987/; classtype:trojan-activity;sid:84516087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652978)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652978/; classtype:trojan-activity;sid:84516078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652979)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652979/; classtype:trojan-activity;sid:84516079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652980/; classtype:trojan-activity;sid:84516080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652982)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652982/; classtype:trojan-activity;sid:84516082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652983/; classtype:trojan-activity;sid:84516083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652976/; classtype:trojan-activity;sid:84516076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652977/; classtype:trojan-activity;sid:84516077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652975/; classtype:trojan-activity;sid:84516075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652970/; classtype:trojan-activity;sid:84516070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652971/; classtype:trojan-activity;sid:84516071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652972)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652972/; classtype:trojan-activity;sid:84516072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652968)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/powerpoint.pt-br/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652968/; classtype:trojan-activity;sid:84516068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652969)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652969/; classtype:trojan-activity;sid:84516069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652963)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652963/; classtype:trojan-activity;sid:84516063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652964)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652964/; classtype:trojan-activity;sid:84516064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652965)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652965/; classtype:trojan-activity;sid:84516065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652966)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241106-151/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652966/; classtype:trojan-activity;sid:84516066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652962/; classtype:trojan-activity;sid:84516062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652961)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652961/; classtype:trojan-activity;sid:84516061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652960/; classtype:trojan-activity;sid:84516060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652958/; classtype:trojan-activity;sid:84516058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652955)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652955/; classtype:trojan-activity;sid:84516055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652956)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652956/; classtype:trojan-activity;sid:84516056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652957)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652957/; classtype:trojan-activity;sid:84516057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652954/; classtype:trojan-activity;sid:84516054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652950/; classtype:trojan-activity;sid:84516050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652951/; classtype:trojan-activity;sid:84516051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652952)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652952/; classtype:trojan-activity;sid:84516052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652953/; classtype:trojan-activity;sid:84516053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652948/; classtype:trojan-activity;sid:84516048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652947)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652947/; classtype:trojan-activity;sid:84516047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652944/; classtype:trojan-activity;sid:84516044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652945)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652945/; classtype:trojan-activity;sid:84516045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652940/; classtype:trojan-activity;sid:84516040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652941/; classtype:trojan-activity;sid:84516041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652939/; classtype:trojan-activity;sid:84516039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652938)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652938/; classtype:trojan-activity;sid:84516038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652936/; classtype:trojan-activity;sid:84516036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652937)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652937/; classtype:trojan-activity;sid:84516037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652934/; classtype:trojan-activity;sid:84516034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652935/; classtype:trojan-activity;sid:84516035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652932/; classtype:trojan-activity;sid:84516032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652933/; classtype:trojan-activity;sid:84516033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652928)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241016-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652928/; classtype:trojan-activity;sid:84516028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652929)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652929/; classtype:trojan-activity;sid:84516029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652930)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652930/; classtype:trojan-activity;sid:84516030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652931)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652931/; classtype:trojan-activity;sid:84516031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652927)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652927/; classtype:trojan-activity;sid:84516027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652925/; classtype:trojan-activity;sid:84516025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652922/; classtype:trojan-activity;sid:84516022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652923/; classtype:trojan-activity;sid:84516023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652924/; classtype:trojan-activity;sid:84516024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652921/; classtype:trojan-activity;sid:84516021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652919/; classtype:trojan-activity;sid:84516019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652920/; classtype:trojan-activity;sid:84516020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652915/; classtype:trojan-activity;sid:84516015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652916)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652916/; classtype:trojan-activity;sid:84516016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652918)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652918/; classtype:trojan-activity;sid:84516018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652914)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652914/; classtype:trojan-activity;sid:84516014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652913/; classtype:trojan-activity;sid:84516013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652911/; classtype:trojan-activity;sid:84516011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652906/; classtype:trojan-activity;sid:84516006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652908/; classtype:trojan-activity;sid:84516008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652909)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652909/; classtype:trojan-activity;sid:84516009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652910)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652910/; classtype:trojan-activity;sid:84516010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652905/; classtype:trojan-activity;sid:84516005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652902)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652902/; classtype:trojan-activity;sid:84516002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652903)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652903/; classtype:trojan-activity;sid:84516003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652901/; classtype:trojan-activity;sid:84516001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652898)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652898/; classtype:trojan-activity;sid:84515998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652899/; classtype:trojan-activity;sid:84515999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652900)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652900/; classtype:trojan-activity;sid:84516000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652897)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652897/; classtype:trojan-activity;sid:84515997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652892/; classtype:trojan-activity;sid:84515992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652893/; classtype:trojan-activity;sid:84515993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652894)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241128-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652894/; classtype:trojan-activity;sid:84515994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652895/; classtype:trojan-activity;sid:84515995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652889)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240625-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652889/; classtype:trojan-activity;sid:84515989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652890)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652890/; classtype:trojan-activity;sid:84515990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652891)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652891/; classtype:trojan-activity;sid:84515991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652887/; classtype:trojan-activity;sid:84515987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652888)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652888/; classtype:trojan-activity;sid:84515988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652886)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652886/; classtype:trojan-activity;sid:84515986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652885/; classtype:trojan-activity;sid:84515985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652883/; classtype:trojan-activity;sid:84515983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652884)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652884/; classtype:trojan-activity;sid:84515984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652878)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652878/; classtype:trojan-activity;sid:84515978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652879/; classtype:trojan-activity;sid:84515979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652880/; classtype:trojan-activity;sid:84515980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652881)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652881/; classtype:trojan-activity;sid:84515981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652882)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652882/; classtype:trojan-activity;sid:84515982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652875)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652875/; classtype:trojan-activity;sid:84515975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652876)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652876/; classtype:trojan-activity;sid:84515976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652877)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652877/; classtype:trojan-activity;sid:84515977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652873/; classtype:trojan-activity;sid:84515973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652871/; classtype:trojan-activity;sid:84515971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652872/; classtype:trojan-activity;sid:84515972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652869/; classtype:trojan-activity;sid:84515969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652870/; classtype:trojan-activity;sid:84515970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652868)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652868/; classtype:trojan-activity;sid:84515968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652867)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652867/; classtype:trojan-activity;sid:84515967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652865/; classtype:trojan-activity;sid:84515965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652866/; classtype:trojan-activity;sid:84515966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652862)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652862/; classtype:trojan-activity;sid:84515962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652861)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652861/; classtype:trojan-activity;sid:84515961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652859)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/2.0/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652859/; classtype:trojan-activity;sid:84515959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652860)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652860/; classtype:trojan-activity;sid:84515960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652855/; classtype:trojan-activity;sid:84515955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250604-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652856/; classtype:trojan-activity;sid:84515956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652846/; classtype:trojan-activity;sid:84515946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652847/; classtype:trojan-activity;sid:84515947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652848)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652848/; classtype:trojan-activity;sid:84515948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652850)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652850/; classtype:trojan-activity;sid:84515950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652851/; classtype:trojan-activity;sid:84515951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652853)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652853/; classtype:trojan-activity;sid:84515953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652854)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652854/; classtype:trojan-activity;sid:84515954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652844/; classtype:trojan-activity;sid:84515944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652845/; classtype:trojan-activity;sid:84515945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652841)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652841/; classtype:trojan-activity;sid:84515941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652842)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652842/; classtype:trojan-activity;sid:84515942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652843/; classtype:trojan-activity;sid:84515943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652839)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652839/; classtype:trojan-activity;sid:84515939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652840)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652840/; classtype:trojan-activity;sid:84515940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652832/; classtype:trojan-activity;sid:84515932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/1033/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652833/; classtype:trojan-activity;sid:84515933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652835)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652835/; classtype:trojan-activity;sid:84515935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652836)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652836/; classtype:trojan-activity;sid:84515936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652837/; classtype:trojan-activity;sid:84515937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652829)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652829/; classtype:trojan-activity;sid:84515929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-126/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652830/; classtype:trojan-activity;sid:84515930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652831/; classtype:trojan-activity;sid:84515931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652824)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652824/; classtype:trojan-activity;sid:84515924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652825)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652825/; classtype:trojan-activity;sid:84515925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652826)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250726-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652826/; classtype:trojan-activity;sid:84515926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652827/; classtype:trojan-activity;sid:84515927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652828)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652828/; classtype:trojan-activity;sid:84515928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652823/; classtype:trojan-activity;sid:84515923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652819)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652819/; classtype:trojan-activity;sid:84515919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652815)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652815/; classtype:trojan-activity;sid:84515915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652816)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652816/; classtype:trojan-activity;sid:84515916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652812)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652812/; classtype:trojan-activity;sid:84515912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652813/; classtype:trojan-activity;sid:84515913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652811)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652811/; classtype:trojan-activity;sid:84515911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652807)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652807/; classtype:trojan-activity;sid:84515907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652808/; classtype:trojan-activity;sid:84515908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241112-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652809/; classtype:trojan-activity;sid:84515909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652802)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652802/; classtype:trojan-activity;sid:84515902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652803/; classtype:trojan-activity;sid:84515903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250408-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652804/; classtype:trojan-activity;sid:84515904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652805/; classtype:trojan-activity;sid:84515905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652800)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652800/; classtype:trojan-activity;sid:84515900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652801)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652801/; classtype:trojan-activity;sid:84515901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652798)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652798/; classtype:trojan-activity;sid:84515898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652797)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652797/; classtype:trojan-activity;sid:84515897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652796/; classtype:trojan-activity;sid:84515896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652794/; classtype:trojan-activity;sid:84515894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652790)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652790/; classtype:trojan-activity;sid:84515890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652791/; classtype:trojan-activity;sid:84515891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652792/; classtype:trojan-activity;sid:84515892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652793/; classtype:trojan-activity;sid:84515893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652788/; classtype:trojan-activity;sid:84515888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652789/; classtype:trojan-activity;sid:84515889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652786/; classtype:trojan-activity;sid:84515886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250516-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652787/; classtype:trojan-activity;sid:84515887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652783)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652783/; classtype:trojan-activity;sid:84515883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652784)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652784/; classtype:trojan-activity;sid:84515884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652780)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652780/; classtype:trojan-activity;sid:84515880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652778)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652778/; classtype:trojan-activity;sid:84515878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652779)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652779/; classtype:trojan-activity;sid:84515879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652777/; classtype:trojan-activity;sid:84515877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652776/; classtype:trojan-activity;sid:84515876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652772/; classtype:trojan-activity;sid:84515872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652773/; classtype:trojan-activity;sid:84515873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652774)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652774/; classtype:trojan-activity;sid:84515874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652775)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652775/; classtype:trojan-activity;sid:84515875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652771)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/ia64/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652771/; classtype:trojan-activity;sid:84515871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652767/; classtype:trojan-activity;sid:84515867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652768)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652768/; classtype:trojan-activity;sid:84515868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652770)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652770/; classtype:trojan-activity;sid:84515870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652766/; classtype:trojan-activity;sid:84515866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652765/; classtype:trojan-activity;sid:84515865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652763/; classtype:trojan-activity;sid:84515863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652751)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240919-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652751/; classtype:trojan-activity;sid:84515851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652752)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652752/; classtype:trojan-activity;sid:84515852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652753/; classtype:trojan-activity;sid:84515853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652754/; classtype:trojan-activity;sid:84515854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652756)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652756/; classtype:trojan-activity;sid:84515856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652757)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652757/; classtype:trojan-activity;sid:84515857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652758)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652758/; classtype:trojan-activity;sid:84515858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652759)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652759/; classtype:trojan-activity;sid:84515859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652760/; classtype:trojan-activity;sid:84515860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240608-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652750/; classtype:trojan-activity;sid:84515850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652749/; classtype:trojan-activity;sid:84515849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652747)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652747/; classtype:trojan-activity;sid:84515847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652748)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652748/; classtype:trojan-activity;sid:84515848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652745)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652745/; classtype:trojan-activity;sid:84515845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652746/; classtype:trojan-activity;sid:84515846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652743/; classtype:trojan-activity;sid:84515843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652744/; classtype:trojan-activity;sid:84515844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652741)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652741/; classtype:trojan-activity;sid:84515841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652740/; classtype:trojan-activity;sid:84515840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652734)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652734/; classtype:trojan-activity;sid:84515834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652735/; classtype:trojan-activity;sid:84515835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652736/; classtype:trojan-activity;sid:84515836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652737)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652737/; classtype:trojan-activity;sid:84515837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652739)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652739/; classtype:trojan-activity;sid:84515839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652731)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652731/; classtype:trojan-activity;sid:84515831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652732/; classtype:trojan-activity;sid:84515832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652733/; classtype:trojan-activity;sid:84515833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652729)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652729/; classtype:trojan-activity;sid:84515829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652730/; classtype:trojan-activity;sid:84515830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652727)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652727/; classtype:trojan-activity;sid:84515827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652728/; classtype:trojan-activity;sid:84515828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652726)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652726/; classtype:trojan-activity;sid:84515826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652725/; classtype:trojan-activity;sid:84515825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652723/; classtype:trojan-activity;sid:84515823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652722)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652722/; classtype:trojan-activity;sid:84515822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652718/; classtype:trojan-activity;sid:84515818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652719/; classtype:trojan-activity;sid:84515819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652721/; classtype:trojan-activity;sid:84515821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652716/; classtype:trojan-activity;sid:84515816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652717/; classtype:trojan-activity;sid:84515817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652713/; classtype:trojan-activity;sid:84515813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652705/; classtype:trojan-activity;sid:84515805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652706/; classtype:trojan-activity;sid:84515806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652707/; classtype:trojan-activity;sid:84515807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652708/; classtype:trojan-activity;sid:84515808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652709/; classtype:trojan-activity;sid:84515809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652710)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652710/; classtype:trojan-activity;sid:84515810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652711/; classtype:trojan-activity;sid:84515811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652712)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652712/; classtype:trojan-activity;sid:84515812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652704)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652704/; classtype:trojan-activity;sid:84515804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652702/; classtype:trojan-activity;sid:84515802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652703/; classtype:trojan-activity;sid:84515803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652700/; classtype:trojan-activity;sid:84515800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652699)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652699/; classtype:trojan-activity;sid:84515799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652698)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652698/; classtype:trojan-activity;sid:84515798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652696/; classtype:trojan-activity;sid:84515796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652697/; classtype:trojan-activity;sid:84515797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652694/; classtype:trojan-activity;sid:84515794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652689)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652689/; classtype:trojan-activity;sid:84515789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652690)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652690/; classtype:trojan-activity;sid:84515790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652691)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652691/; classtype:trojan-activity;sid:84515791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652692/; classtype:trojan-activity;sid:84515792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652686)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652686/; classtype:trojan-activity;sid:84515786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652684)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652684/; classtype:trojan-activity;sid:84515784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652682)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652682/; classtype:trojan-activity;sid:84515782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652683/; classtype:trojan-activity;sid:84515783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652678)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652678/; classtype:trojan-activity;sid:84515778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652679)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652679/; classtype:trojan-activity;sid:84515779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652680)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652680/; classtype:trojan-activity;sid:84515780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652681)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652681/; classtype:trojan-activity;sid:84515781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652677)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652677/; classtype:trojan-activity;sid:84515777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652673)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652673/; classtype:trojan-activity;sid:84515773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652674)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652674/; classtype:trojan-activity;sid:84515774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652675/; classtype:trojan-activity;sid:84515775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652676)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652676/; classtype:trojan-activity;sid:84515776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652671/; classtype:trojan-activity;sid:84515771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652669)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652669/; classtype:trojan-activity;sid:84515769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240224-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652670/; classtype:trojan-activity;sid:84515770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652664/; classtype:trojan-activity;sid:84515764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652665/; classtype:trojan-activity;sid:84515765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652666)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652666/; classtype:trojan-activity;sid:84515766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652667)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652667/; classtype:trojan-activity;sid:84515767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652668)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652668/; classtype:trojan-activity;sid:84515768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652662)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652662/; classtype:trojan-activity;sid:84515762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652663/; classtype:trojan-activity;sid:84515763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652661/; classtype:trojan-activity;sid:84515761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652658/; classtype:trojan-activity;sid:84515758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240402-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652659/; classtype:trojan-activity;sid:84515759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652660/; classtype:trojan-activity;sid:84515760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250111-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652652/; classtype:trojan-activity;sid:84515752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652653)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652653/; classtype:trojan-activity;sid:84515753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652654)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652654/; classtype:trojan-activity;sid:84515754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652655)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652655/; classtype:trojan-activity;sid:84515755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652657/; classtype:trojan-activity;sid:84515757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652651)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652651/; classtype:trojan-activity;sid:84515751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652649)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652649/; classtype:trojan-activity;sid:84515749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652650)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652650/; classtype:trojan-activity;sid:84515750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652646)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652646/; classtype:trojan-activity;sid:84515746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652647)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652647/; classtype:trojan-activity;sid:84515747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652648/; classtype:trojan-activity;sid:84515748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652645/; classtype:trojan-activity;sid:84515745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652642)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652642/; classtype:trojan-activity;sid:84515742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652643)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652643/; classtype:trojan-activity;sid:84515743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652644/; classtype:trojan-activity;sid:84515744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652637/; classtype:trojan-activity;sid:84515737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652638/; classtype:trojan-activity;sid:84515738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652639)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652639/; classtype:trojan-activity;sid:84515739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-03-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652640/; classtype:trojan-activity;sid:84515740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652641/; classtype:trojan-activity;sid:84515741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652634)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652634/; classtype:trojan-activity;sid:84515734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652635)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652635/; classtype:trojan-activity;sid:84515735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652636/; classtype:trojan-activity;sid:84515736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652631/; classtype:trojan-activity;sid:84515731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652632)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652632/; classtype:trojan-activity;sid:84515732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652629/; classtype:trojan-activity;sid:84515729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652626/; classtype:trojan-activity;sid:84515726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652627/; classtype:trojan-activity;sid:84515727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652628)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652628/; classtype:trojan-activity;sid:84515728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652623)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652623/; classtype:trojan-activity;sid:84515723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652624)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652624/; classtype:trojan-activity;sid:84515724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652625)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652625/; classtype:trojan-activity;sid:84515725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652619)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230918-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652619/; classtype:trojan-activity;sid:84515719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652621/; classtype:trojan-activity;sid:84515721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652622)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652622/; classtype:trojan-activity;sid:84515722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652618/; classtype:trojan-activity;sid:84515718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652617/; classtype:trojan-activity;sid:84515717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652614)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652614/; classtype:trojan-activity;sid:84515714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652615/; classtype:trojan-activity;sid:84515715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652608)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652608/; classtype:trojan-activity;sid:84515708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652609/; classtype:trojan-activity;sid:84515709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652610/; classtype:trojan-activity;sid:84515710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652611)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652611/; classtype:trojan-activity;sid:84515711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652612)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652612/; classtype:trojan-activity;sid:84515712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652613)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652613/; classtype:trojan-activity;sid:84515713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652605)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652605/; classtype:trojan-activity;sid:84515705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652606)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652606/; classtype:trojan-activity;sid:84515706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652607)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652607/; classtype:trojan-activity;sid:84515707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652600)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652600/; classtype:trojan-activity;sid:84515700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652601)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652601/; classtype:trojan-activity;sid:84515701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652602)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652602/; classtype:trojan-activity;sid:84515702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652603/; classtype:trojan-activity;sid:84515703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652598)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240823-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652598/; classtype:trojan-activity;sid:84515698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652599)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652599/; classtype:trojan-activity;sid:84515699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652597/; classtype:trojan-activity;sid:84515697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652596/; classtype:trojan-activity;sid:84515696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652594)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652594/; classtype:trojan-activity;sid:84515694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652595)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652595/; classtype:trojan-activity;sid:84515695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652591/; classtype:trojan-activity;sid:84515691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652590)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652590/; classtype:trojan-activity;sid:84515690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652587/; classtype:trojan-activity;sid:84515687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652588)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652588/; classtype:trojan-activity;sid:84515688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652589/; classtype:trojan-activity;sid:84515689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652584)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652584/; classtype:trojan-activity;sid:84515684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652585)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652585/; classtype:trojan-activity;sid:84515685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652586/; classtype:trojan-activity;sid:84515686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652583)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652583/; classtype:trojan-activity;sid:84515683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652582)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652582/; classtype:trojan-activity;sid:84515682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652580)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652580/; classtype:trojan-activity;sid:84515680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652578/; classtype:trojan-activity;sid:84515678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652574/; classtype:trojan-activity;sid:84515674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652575)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652575/; classtype:trojan-activity;sid:84515675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652576)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652576/; classtype:trojan-activity;sid:84515676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652577)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652577/; classtype:trojan-activity;sid:84515677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652571)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652571/; classtype:trojan-activity;sid:84515671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652572/; classtype:trojan-activity;sid:84515672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652573/; classtype:trojan-activity;sid:84515673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652568/; classtype:trojan-activity;sid:84515668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652564/; classtype:trojan-activity;sid:84515664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652565)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652565/; classtype:trojan-activity;sid:84515665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652567/; classtype:trojan-activity;sid:84515667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652563)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652563/; classtype:trojan-activity;sid:84515663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652559/; classtype:trojan-activity;sid:84515659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652560)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230818-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652560/; classtype:trojan-activity;sid:84515660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652561)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652561/; classtype:trojan-activity;sid:84515661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652557)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652557/; classtype:trojan-activity;sid:84515657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652558/; classtype:trojan-activity;sid:84515658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652554)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/images/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652554/; classtype:trojan-activity;sid:84515654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652555)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652555/; classtype:trojan-activity;sid:84515655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652552)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652552/; classtype:trojan-activity;sid:84515652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652553/; classtype:trojan-activity;sid:84515653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652549)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652549/; classtype:trojan-activity;sid:84515649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652550)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652550/; classtype:trojan-activity;sid:84515650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652551)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652551/; classtype:trojan-activity;sid:84515651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652547/; classtype:trojan-activity;sid:84515647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652548)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652548/; classtype:trojan-activity;sid:84515648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240907-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652542/; classtype:trojan-activity;sid:84515642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652543/; classtype:trojan-activity;sid:84515643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652544/; classtype:trojan-activity;sid:84515644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250621-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652545/; classtype:trojan-activity;sid:84515645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652546)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/upgrade%20advisor/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652546/; classtype:trojan-activity;sid:84515646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652539)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652539/; classtype:trojan-activity;sid:84515639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250212-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652540/; classtype:trojan-activity;sid:84515640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652536/; classtype:trojan-activity;sid:84515636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652537/; classtype:trojan-activity;sid:84515637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652538/; classtype:trojan-activity;sid:84515638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652531/; classtype:trojan-activity;sid:84515631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652532/; classtype:trojan-activity;sid:84515632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652533/; classtype:trojan-activity;sid:84515633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652534)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652534/; classtype:trojan-activity;sid:84515634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652535)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652535/; classtype:trojan-activity;sid:84515635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652530/; classtype:trojan-activity;sid:84515630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652528)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652528/; classtype:trojan-activity;sid:84515628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652524)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652524/; classtype:trojan-activity;sid:84515624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652525/; classtype:trojan-activity;sid:84515625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652526/; classtype:trojan-activity;sid:84515626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652521)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652521/; classtype:trojan-activity;sid:84515621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652522/; classtype:trojan-activity;sid:84515622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652523/; classtype:trojan-activity;sid:84515623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652518/; classtype:trojan-activity;sid:84515618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652519)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652519/; classtype:trojan-activity;sid:84515619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652520)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652520/; classtype:trojan-activity;sid:84515620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652514)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652514/; classtype:trojan-activity;sid:84515614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652515/; classtype:trojan-activity;sid:84515615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652516)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652516/; classtype:trojan-activity;sid:84515616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652517)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652517/; classtype:trojan-activity;sid:84515617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652509/; classtype:trojan-activity;sid:84515609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652510)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652510/; classtype:trojan-activity;sid:84515610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652511/; classtype:trojan-activity;sid:84515611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652512)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652512/; classtype:trojan-activity;sid:84515612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652513)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652513/; classtype:trojan-activity;sid:84515613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652503)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652503/; classtype:trojan-activity;sid:84515603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652504/; classtype:trojan-activity;sid:84515604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652505/; classtype:trojan-activity;sid:84515605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652506/; classtype:trojan-activity;sid:84515606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652507)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652507/; classtype:trojan-activity;sid:84515607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652501)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652501/; classtype:trojan-activity;sid:84515601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652502)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250403-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652502/; classtype:trojan-activity;sid:84515602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652496/; classtype:trojan-activity;sid:84515596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652497)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652497/; classtype:trojan-activity;sid:84515597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652498)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240718-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652498/; classtype:trojan-activity;sid:84515598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652499)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652499/; classtype:trojan-activity;sid:84515599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652494)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652494/; classtype:trojan-activity;sid:84515594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652495)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652495/; classtype:trojan-activity;sid:84515595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652486/; classtype:trojan-activity;sid:84515586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652485/; classtype:trojan-activity;sid:84515585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652483/; classtype:trojan-activity;sid:84515583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652484/; classtype:trojan-activity;sid:84515584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652482/; classtype:trojan-activity;sid:84515582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652481/; classtype:trojan-activity;sid:84515581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652480/; classtype:trojan-activity;sid:84515580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652478/; classtype:trojan-activity;sid:84515578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652479)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652479/; classtype:trojan-activity;sid:84515579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652476/; classtype:trojan-activity;sid:84515576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652477)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230526-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652477/; classtype:trojan-activity;sid:84515577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652474/; classtype:trojan-activity;sid:84515574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652475/; classtype:trojan-activity;sid:84515575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652473/; classtype:trojan-activity;sid:84515573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652472/; classtype:trojan-activity;sid:84515572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652471/; classtype:trojan-activity;sid:84515571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652470/; classtype:trojan-activity;sid:84515570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652467/; classtype:trojan-activity;sid:84515567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652468/; classtype:trojan-activity;sid:84515568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652469/; classtype:trojan-activity;sid:84515569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652466)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652466/; classtype:trojan-activity;sid:84515566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652464/; classtype:trojan-activity;sid:84515564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-04-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652465/; classtype:trojan-activity;sid:84515565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652463/; classtype:trojan-activity;sid:84515563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652462/; classtype:trojan-activity;sid:84515562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652461/; classtype:trojan-activity;sid:84515561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652460/; classtype:trojan-activity;sid:84515560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652458/; classtype:trojan-activity;sid:84515558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652459/; classtype:trojan-activity;sid:84515559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652457/; classtype:trojan-activity;sid:84515557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652455/; classtype:trojan-activity;sid:84515555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652454/; classtype:trojan-activity;sid:84515554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652453/; classtype:trojan-activity;sid:84515553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652451/; classtype:trojan-activity;sid:84515551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652452/; classtype:trojan-activity;sid:84515552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652450)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221015-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652450/; classtype:trojan-activity;sid:84515550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652449/; classtype:trojan-activity;sid:84515549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652445/; classtype:trojan-activity;sid:84515545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652447/; classtype:trojan-activity;sid:84515547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652448/; classtype:trojan-activity;sid:84515548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652442/; classtype:trojan-activity;sid:84515542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240326-093/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652443/; classtype:trojan-activity;sid:84515543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652444/; classtype:trojan-activity;sid:84515544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652440)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652440/; classtype:trojan-activity;sid:84515540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652441/; classtype:trojan-activity;sid:84515541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652439/; classtype:trojan-activity;sid:84515539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652437/; classtype:trojan-activity;sid:84515537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652435/; classtype:trojan-activity;sid:84515535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652434/; classtype:trojan-activity;sid:84515534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652433/; classtype:trojan-activity;sid:84515533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652432/; classtype:trojan-activity;sid:84515532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652431/; classtype:trojan-activity;sid:84515531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652430/; classtype:trojan-activity;sid:84515530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652429/; classtype:trojan-activity;sid:84515529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652427/; classtype:trojan-activity;sid:84515527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652428/; classtype:trojan-activity;sid:84515528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652426/; classtype:trojan-activity;sid:84515526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652425/; classtype:trojan-activity;sid:84515525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652424/; classtype:trojan-activity;sid:84515524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652423/; classtype:trojan-activity;sid:84515523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652421/; classtype:trojan-activity;sid:84515521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652422/; classtype:trojan-activity;sid:84515522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652419/; classtype:trojan-activity;sid:84515519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652420/; classtype:trojan-activity;sid:84515520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652417/; classtype:trojan-activity;sid:84515517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652418/; classtype:trojan-activity;sid:84515518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652416/; classtype:trojan-activity;sid:84515516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652414/; classtype:trojan-activity;sid:84515514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652413/; classtype:trojan-activity;sid:84515513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652412/; classtype:trojan-activity;sid:84515512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652411/; classtype:trojan-activity;sid:84515511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652409)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652409/; classtype:trojan-activity;sid:84515509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-098/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652410/; classtype:trojan-activity;sid:84515510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652408/; classtype:trojan-activity;sid:84515508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652404/; classtype:trojan-activity;sid:84515504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652405)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240912-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652405/; classtype:trojan-activity;sid:84515505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652406/; classtype:trojan-activity;sid:84515506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652407/; classtype:trojan-activity;sid:84515507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652402/; classtype:trojan-activity;sid:84515502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652403/; classtype:trojan-activity;sid:84515503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652401/; classtype:trojan-activity;sid:84515501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652399/; classtype:trojan-activity;sid:84515499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652400/; classtype:trojan-activity;sid:84515500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652397/; classtype:trojan-activity;sid:84515497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652398/; classtype:trojan-activity;sid:84515498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652395/; classtype:trojan-activity;sid:84515495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652396/; classtype:trojan-activity;sid:84515496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652393)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652393/; classtype:trojan-activity;sid:84515493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652394)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/otherup/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652394/; classtype:trojan-activity;sid:84515494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652391/; classtype:trojan-activity;sid:84515491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652392/; classtype:trojan-activity;sid:84515492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652390/; classtype:trojan-activity;sid:84515490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652388)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652388/; classtype:trojan-activity;sid:84515488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652389/; classtype:trojan-activity;sid:84515489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652386/; classtype:trojan-activity;sid:84515486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652387/; classtype:trojan-activity;sid:84515487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652384/; classtype:trojan-activity;sid:84515484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652385)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652385/; classtype:trojan-activity;sid:84515485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652383/; classtype:trojan-activity;sid:84515483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652379)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652379/; classtype:trojan-activity;sid:84515479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652380/; classtype:trojan-activity;sid:84515480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652381/; classtype:trojan-activity;sid:84515481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652382/; classtype:trojan-activity;sid:84515482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652377/; classtype:trojan-activity;sid:84515477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652378/; classtype:trojan-activity;sid:84515478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652376/; classtype:trojan-activity;sid:84515476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652375/; classtype:trojan-activity;sid:84515475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652373/; classtype:trojan-activity;sid:84515473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652374/; classtype:trojan-activity;sid:84515474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652371/; classtype:trojan-activity;sid:84515471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652370/; classtype:trojan-activity;sid:84515470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652368/; classtype:trojan-activity;sid:84515468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652369/; classtype:trojan-activity;sid:84515469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652366/; classtype:trojan-activity;sid:84515466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652365/; classtype:trojan-activity;sid:84515465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652363/; classtype:trojan-activity;sid:84515463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652364/; classtype:trojan-activity;sid:84515464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652362)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221201-071/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652362/; classtype:trojan-activity;sid:84515462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652361)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652361/; classtype:trojan-activity;sid:84515461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652360/; classtype:trojan-activity;sid:84515460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652359/; classtype:trojan-activity;sid:84515459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652358/; classtype:trojan-activity;sid:84515458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652357/; classtype:trojan-activity;sid:84515457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652355)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652355/; classtype:trojan-activity;sid:84515455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652356/; classtype:trojan-activity;sid:84515456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652353/; classtype:trojan-activity;sid:84515453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652354/; classtype:trojan-activity;sid:84515454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652349/; classtype:trojan-activity;sid:84515449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652350)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240701-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652350/; classtype:trojan-activity;sid:84515450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652351/; classtype:trojan-activity;sid:84515451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652352/; classtype:trojan-activity;sid:84515452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652347/; classtype:trojan-activity;sid:84515447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652348/; classtype:trojan-activity;sid:84515448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652346/; classtype:trojan-activity;sid:84515446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652342/; classtype:trojan-activity;sid:84515442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652343/; classtype:trojan-activity;sid:84515443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652344/; classtype:trojan-activity;sid:84515444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652345/; classtype:trojan-activity;sid:84515445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652341)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652341/; classtype:trojan-activity;sid:84515441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652340/; classtype:trojan-activity;sid:84515440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652336/; classtype:trojan-activity;sid:84515436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652337/; classtype:trojan-activity;sid:84515437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652338/; classtype:trojan-activity;sid:84515438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652339/; classtype:trojan-activity;sid:84515439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652335/; classtype:trojan-activity;sid:84515435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230705-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652334/; classtype:trojan-activity;sid:84515434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652333/; classtype:trojan-activity;sid:84515433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652332)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/js/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652332/; classtype:trojan-activity;sid:84515432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652331/; classtype:trojan-activity;sid:84515431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652326/; classtype:trojan-activity;sid:84515426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652327/; classtype:trojan-activity;sid:84515427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652328/; classtype:trojan-activity;sid:84515428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652329/; classtype:trojan-activity;sid:84515429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652330/; classtype:trojan-activity;sid:84515430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652325/; classtype:trojan-activity;sid:84515425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652324/; classtype:trojan-activity;sid:84515424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652323/; classtype:trojan-activity;sid:84515423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652322/; classtype:trojan-activity;sid:84515422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652320/; classtype:trojan-activity;sid:84515420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652321/; classtype:trojan-activity;sid:84515421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652318/; classtype:trojan-activity;sid:84515418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652319/; classtype:trojan-activity;sid:84515419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652317/; classtype:trojan-activity;sid:84515417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652316/; classtype:trojan-activity;sid:84515416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652315)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652315/; classtype:trojan-activity;sid:84515415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652314/; classtype:trojan-activity;sid:84515414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652312/; classtype:trojan-activity;sid:84515412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652313/; classtype:trojan-activity;sid:84515413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652311)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230403-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652311/; classtype:trojan-activity;sid:84515411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652310/; classtype:trojan-activity;sid:84515410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652309/; classtype:trojan-activity;sid:84515409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652308/; classtype:trojan-activity;sid:84515408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652307/; classtype:trojan-activity;sid:84515407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652305/; classtype:trojan-activity;sid:84515405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652306/; classtype:trojan-activity;sid:84515406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652304/; classtype:trojan-activity;sid:84515404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652303/; classtype:trojan-activity;sid:84515403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652300/; classtype:trojan-activity;sid:84515400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652302/; classtype:trojan-activity;sid:84515402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652299/; classtype:trojan-activity;sid:84515399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652298/; classtype:trojan-activity;sid:84515398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231114-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652297/; classtype:trojan-activity;sid:84515397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652296/; classtype:trojan-activity;sid:84515396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652294/; classtype:trojan-activity;sid:84515394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652295/; classtype:trojan-activity;sid:84515395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652293/; classtype:trojan-activity;sid:84515393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652292/; classtype:trojan-activity;sid:84515392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652291/; classtype:trojan-activity;sid:84515391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652290/; classtype:trojan-activity;sid:84515390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652289/; classtype:trojan-activity;sid:84515389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652288/; classtype:trojan-activity;sid:84515388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652287/; classtype:trojan-activity;sid:84515387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652286/; classtype:trojan-activity;sid:84515386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652285/; classtype:trojan-activity;sid:84515385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652284/; classtype:trojan-activity;sid:84515384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652282/; classtype:trojan-activity;sid:84515382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652283/; classtype:trojan-activity;sid:84515383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652280/; classtype:trojan-activity;sid:84515380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652281/; classtype:trojan-activity;sid:84515381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652279/; classtype:trojan-activity;sid:84515379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652277/; classtype:trojan-activity;sid:84515377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652278/; classtype:trojan-activity;sid:84515378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652275/; classtype:trojan-activity;sid:84515375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652276/; classtype:trojan-activity;sid:84515376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652273/; classtype:trojan-activity;sid:84515373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652274/; classtype:trojan-activity;sid:84515374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652272/; classtype:trojan-activity;sid:84515372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652271)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220825-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652271/; classtype:trojan-activity;sid:84515371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652270/; classtype:trojan-activity;sid:84515370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652269/; classtype:trojan-activity;sid:84515369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652267)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652267/; classtype:trojan-activity;sid:84515367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231016-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652266/; classtype:trojan-activity;sid:84515366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652265/; classtype:trojan-activity;sid:84515365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652264/; classtype:trojan-activity;sid:84515364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652263/; classtype:trojan-activity;sid:84515363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652262/; classtype:trojan-activity;sid:84515362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652261/; classtype:trojan-activity;sid:84515361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652259/; classtype:trojan-activity;sid:84515359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652260/; classtype:trojan-activity;sid:84515360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652258)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652258/; classtype:trojan-activity;sid:84515358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652257/; classtype:trojan-activity;sid:84515357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652256/; classtype:trojan-activity;sid:84515356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652255/; classtype:trojan-activity;sid:84515355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652251/; classtype:trojan-activity;sid:84515351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652250/; classtype:trojan-activity;sid:84515350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652249/; classtype:trojan-activity;sid:84515349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652246/; classtype:trojan-activity;sid:84515346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652245/; classtype:trojan-activity;sid:84515345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652244/; classtype:trojan-activity;sid:84515344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652243/; classtype:trojan-activity;sid:84515343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652241/; classtype:trojan-activity;sid:84515341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652242/; classtype:trojan-activity;sid:84515342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652239/; classtype:trojan-activity;sid:84515339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652240/; classtype:trojan-activity;sid:84515340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652238/; classtype:trojan-activity;sid:84515338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652237/; classtype:trojan-activity;sid:84515337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652236/; classtype:trojan-activity;sid:84515336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652235/; classtype:trojan-activity;sid:84515335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652234/; classtype:trojan-activity;sid:84515334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652232/; classtype:trojan-activity;sid:84515332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652233/; classtype:trojan-activity;sid:84515333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652230/; classtype:trojan-activity;sid:84515330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652231/; classtype:trojan-activity;sid:84515331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652227)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-108/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652227/; classtype:trojan-activity;sid:84515327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652228)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652228/; classtype:trojan-activity;sid:84515328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652229/; classtype:trojan-activity;sid:84515329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652226)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230728-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652226/; classtype:trojan-activity;sid:84515326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652224)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652224/; classtype:trojan-activity;sid:84515324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652225/; classtype:trojan-activity;sid:84515325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652223/; classtype:trojan-activity;sid:84515323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652221/; classtype:trojan-activity;sid:84515321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652222/; classtype:trojan-activity;sid:84515322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652220/; classtype:trojan-activity;sid:84515320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652218/; classtype:trojan-activity;sid:84515318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652217/; classtype:trojan-activity;sid:84515317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652216/; classtype:trojan-activity;sid:84515316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652214/; classtype:trojan-activity;sid:84515314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652215/; classtype:trojan-activity;sid:84515315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652213/; classtype:trojan-activity;sid:84515313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652212)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652212/; classtype:trojan-activity;sid:84515312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652211/; classtype:trojan-activity;sid:84515311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652210/; classtype:trojan-activity;sid:84515310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652209/; classtype:trojan-activity;sid:84515309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652208/; classtype:trojan-activity;sid:84515308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652206/; classtype:trojan-activity;sid:84515306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652207/; classtype:trojan-activity;sid:84515307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652205/; classtype:trojan-activity;sid:84515305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652204/; classtype:trojan-activity;sid:84515304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652203/; classtype:trojan-activity;sid:84515303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652201/; classtype:trojan-activity;sid:84515301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652198/; classtype:trojan-activity;sid:84515298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652199)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652199/; classtype:trojan-activity;sid:84515299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652200/; classtype:trojan-activity;sid:84515300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652197/; classtype:trojan-activity;sid:84515297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652195)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231120-099/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652195/; classtype:trojan-activity;sid:84515295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652196/; classtype:trojan-activity;sid:84515296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652193/; classtype:trojan-activity;sid:84515293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652194/; classtype:trojan-activity;sid:84515294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652192/; classtype:trojan-activity;sid:84515292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652186/; classtype:trojan-activity;sid:84515286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652187/; classtype:trojan-activity;sid:84515287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652188/; classtype:trojan-activity;sid:84515288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652189/; classtype:trojan-activity;sid:84515289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652190/; classtype:trojan-activity;sid:84515290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652191/; classtype:trojan-activity;sid:84515291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652185/; classtype:trojan-activity;sid:84515285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652184/; classtype:trojan-activity;sid:84515284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652183/; classtype:trojan-activity;sid:84515283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652182)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652182/; classtype:trojan-activity;sid:84515282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652181/; classtype:trojan-activity;sid:84515281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652180/; classtype:trojan-activity;sid:84515280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652179/; classtype:trojan-activity;sid:84515279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652176/; classtype:trojan-activity;sid:84515276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652177/; classtype:trojan-activity;sid:84515277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652178/; classtype:trojan-activity;sid:84515278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652175/; classtype:trojan-activity;sid:84515275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652174/; classtype:trojan-activity;sid:84515274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652173/; classtype:trojan-activity;sid:84515273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652171/; classtype:trojan-activity;sid:84515271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652172)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230307-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652172/; classtype:trojan-activity;sid:84515272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652169/; classtype:trojan-activity;sid:84515269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652170/; classtype:trojan-activity;sid:84515270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652168)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652168/; classtype:trojan-activity;sid:84515268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652167/; classtype:trojan-activity;sid:84515267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652166/; classtype:trojan-activity;sid:84515266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652165/; classtype:trojan-activity;sid:84515265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652164/; classtype:trojan-activity;sid:84515264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652163/; classtype:trojan-activity;sid:84515263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652162/; classtype:trojan-activity;sid:84515262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652161/; classtype:trojan-activity;sid:84515261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652160/; classtype:trojan-activity;sid:84515260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652157/; classtype:trojan-activity;sid:84515257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652158/; classtype:trojan-activity;sid:84515258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652159/; classtype:trojan-activity;sid:84515259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652156/; classtype:trojan-activity;sid:84515256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652155)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240315-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652155/; classtype:trojan-activity;sid:84515255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652154/; classtype:trojan-activity;sid:84515254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652152/; classtype:trojan-activity;sid:84515252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652151/; classtype:trojan-activity;sid:84515251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652150/; classtype:trojan-activity;sid:84515250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652147/; classtype:trojan-activity;sid:84515247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652149/; classtype:trojan-activity;sid:84515249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652144/; classtype:trojan-activity;sid:84515244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652145/; classtype:trojan-activity;sid:84515245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652141/; classtype:trojan-activity;sid:84515241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652142)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652142/; classtype:trojan-activity;sid:84515242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652143/; classtype:trojan-activity;sid:84515243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652138/; classtype:trojan-activity;sid:84515238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652139)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652139/; classtype:trojan-activity;sid:84515239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652140/; classtype:trojan-activity;sid:84515240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652136/; classtype:trojan-activity;sid:84515236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652137/; classtype:trojan-activity;sid:84515237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652135/; classtype:trojan-activity;sid:84515235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652132/; classtype:trojan-activity;sid:84515232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652133/; classtype:trojan-activity;sid:84515233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652134/; classtype:trojan-activity;sid:84515234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652128/; classtype:trojan-activity;sid:84515228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652129/; classtype:trojan-activity;sid:84515229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652130/; classtype:trojan-activity;sid:84515230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652125)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/cpbz/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652125/; classtype:trojan-activity;sid:84515225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652126/; classtype:trojan-activity;sid:84515226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652127)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240122-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652127/; classtype:trojan-activity;sid:84515227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652122/; classtype:trojan-activity;sid:84515222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652123)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652123/; classtype:trojan-activity;sid:84515223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652124/; classtype:trojan-activity;sid:84515224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652121/; classtype:trojan-activity;sid:84515221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652120/; classtype:trojan-activity;sid:84515220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652119/; classtype:trojan-activity;sid:84515219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652112/; classtype:trojan-activity;sid:84515212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652113/; classtype:trojan-activity;sid:84515213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652114/; classtype:trojan-activity;sid:84515214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652115/; classtype:trojan-activity;sid:84515215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652116/; classtype:trojan-activity;sid:84515216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652117)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652117/; classtype:trojan-activity;sid:84515217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652118/; classtype:trojan-activity;sid:84515218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652108/; classtype:trojan-activity;sid:84515208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652109/; classtype:trojan-activity;sid:84515209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652110/; classtype:trojan-activity;sid:84515210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652111/; classtype:trojan-activity;sid:84515211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652107/; classtype:trojan-activity;sid:84515207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652105/; classtype:trojan-activity;sid:84515205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652106/; classtype:trojan-activity;sid:84515206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652102/; classtype:trojan-activity;sid:84515202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652103/; classtype:trojan-activity;sid:84515203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652104/; classtype:trojan-activity;sid:84515204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652099/; classtype:trojan-activity;sid:84515199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652100/; classtype:trojan-activity;sid:84515200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652097/; classtype:trojan-activity;sid:84515197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652096)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230829-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652096/; classtype:trojan-activity;sid:84515196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652095/; classtype:trojan-activity;sid:84515195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652094/; classtype:trojan-activity;sid:84515194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652091/; classtype:trojan-activity;sid:84515191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652092/; classtype:trojan-activity;sid:84515192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652093)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652093/; classtype:trojan-activity;sid:84515193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652090/; classtype:trojan-activity;sid:84515190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-01-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652084/; classtype:trojan-activity;sid:84515184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652085)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230719-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652085/; classtype:trojan-activity;sid:84515185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652086/; classtype:trojan-activity;sid:84515186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652087)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652087/; classtype:trojan-activity;sid:84515187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652088/; classtype:trojan-activity;sid:84515188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652089/; classtype:trojan-activity;sid:84515189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652081/; classtype:trojan-activity;sid:84515181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652082/; classtype:trojan-activity;sid:84515182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652083/; classtype:trojan-activity;sid:84515183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652078/; classtype:trojan-activity;sid:84515178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652079/; classtype:trojan-activity;sid:84515179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652080)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240618-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652080/; classtype:trojan-activity;sid:84515180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652074)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240717-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652074/; classtype:trojan-activity;sid:84515174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652075/; classtype:trojan-activity;sid:84515175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652076/; classtype:trojan-activity;sid:84515176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652077/; classtype:trojan-activity;sid:84515177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652072)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/aspjpeg_setup/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652072/; classtype:trojan-activity;sid:84515172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652073)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652073/; classtype:trojan-activity;sid:84515173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652070/; classtype:trojan-activity;sid:84515170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652071/; classtype:trojan-activity;sid:84515171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652067/; classtype:trojan-activity;sid:84515167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652068/; classtype:trojan-activity;sid:84515168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652069)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230309-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652069/; classtype:trojan-activity;sid:84515169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220917-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652059/; classtype:trojan-activity;sid:84515159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652060/; classtype:trojan-activity;sid:84515160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652061/; classtype:trojan-activity;sid:84515161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652062)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250523-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652062/; classtype:trojan-activity;sid:84515162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652063/; classtype:trojan-activity;sid:84515163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652064/; classtype:trojan-activity;sid:84515164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652065/; classtype:trojan-activity;sid:84515165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652066/; classtype:trojan-activity;sid:84515166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652057/; classtype:trojan-activity;sid:84515157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652058/; classtype:trojan-activity;sid:84515158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652056)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240312-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652056/; classtype:trojan-activity;sid:84515156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652053/; classtype:trojan-activity;sid:84515153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652054/; classtype:trojan-activity;sid:84515154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652055)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230826-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652055/; classtype:trojan-activity;sid:84515155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652047)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230406-086/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652047/; classtype:trojan-activity;sid:84515147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652048/; classtype:trojan-activity;sid:84515148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652049/; classtype:trojan-activity;sid:84515149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652050/; classtype:trojan-activity;sid:84515150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652051/; classtype:trojan-activity;sid:84515151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652052/; classtype:trojan-activity;sid:84515152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652045/; classtype:trojan-activity;sid:84515145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652046/; classtype:trojan-activity;sid:84515146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652042/; classtype:trojan-activity;sid:84515142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652043/; classtype:trojan-activity;sid:84515143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652044)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240219-116/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652044/; classtype:trojan-activity;sid:84515144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652041/; classtype:trojan-activity;sid:84515141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652039/; classtype:trojan-activity;sid:84515139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652040/; classtype:trojan-activity;sid:84515140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221227-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652035/; classtype:trojan-activity;sid:84515135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652036/; classtype:trojan-activity;sid:84515136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652037/; classtype:trojan-activity;sid:84515137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652038/; classtype:trojan-activity;sid:84515138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652033)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652033/; classtype:trojan-activity;sid:84515133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652034/; classtype:trojan-activity;sid:84515134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652025/; classtype:trojan-activity;sid:84515125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652026/; classtype:trojan-activity;sid:84515126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652027/; classtype:trojan-activity;sid:84515127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652028/; classtype:trojan-activity;sid:84515128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652029/; classtype:trojan-activity;sid:84515129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652030/; classtype:trojan-activity;sid:84515130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652031/; classtype:trojan-activity;sid:84515131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652032)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652032/; classtype:trojan-activity;sid:84515132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652024/; classtype:trojan-activity;sid:84515124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652023/; classtype:trojan-activity;sid:84515123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652022/; classtype:trojan-activity;sid:84515122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652021/; classtype:trojan-activity;sid:84515121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652014/; classtype:trojan-activity;sid:84515114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652015/; classtype:trojan-activity;sid:84515115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652017/; classtype:trojan-activity;sid:84515117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652018/; classtype:trojan-activity;sid:84515118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652019/; classtype:trojan-activity;sid:84515119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652020/; classtype:trojan-activity;sid:84515120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652012/; classtype:trojan-activity;sid:84515112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652013/; classtype:trojan-activity;sid:84515113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652007/; classtype:trojan-activity;sid:84515107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652008/; classtype:trojan-activity;sid:84515108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652009/; classtype:trojan-activity;sid:84515109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652010/; classtype:trojan-activity;sid:84515110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652011/; classtype:trojan-activity;sid:84515111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221125-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652004/; classtype:trojan-activity;sid:84515104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652005/; classtype:trojan-activity;sid:84515105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652006/; classtype:trojan-activity;sid:84515106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652003/; classtype:trojan-activity;sid:84515103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652001/; classtype:trojan-activity;sid:84515101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652002/; classtype:trojan-activity;sid:84515102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652000/; classtype:trojan-activity;sid:84515100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651998/; classtype:trojan-activity;sid:84515098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651999/; classtype:trojan-activity;sid:84515099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651993/; classtype:trojan-activity;sid:84515093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651994/; classtype:trojan-activity;sid:84515094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651995/; classtype:trojan-activity;sid:84515095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651996/; classtype:trojan-activity;sid:84515096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651997/; classtype:trojan-activity;sid:84515097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651991/; classtype:trojan-activity;sid:84515091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651992/; classtype:trojan-activity;sid:84515092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651989/; classtype:trojan-activity;sid:84515089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651990/; classtype:trojan-activity;sid:84515090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651988/; classtype:trojan-activity;sid:84515088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651981/; classtype:trojan-activity;sid:84515081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651982/; classtype:trojan-activity;sid:84515082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651983/; classtype:trojan-activity;sid:84515083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651984)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651984/; classtype:trojan-activity;sid:84515084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651985/; classtype:trojan-activity;sid:84515085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651986/; classtype:trojan-activity;sid:84515086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651978/; classtype:trojan-activity;sid:84515078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221017-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651979/; classtype:trojan-activity;sid:84515079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651980/; classtype:trojan-activity;sid:84515080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651969/; classtype:trojan-activity;sid:84515069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651970/; classtype:trojan-activity;sid:84515070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651971/; classtype:trojan-activity;sid:84515071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651972/; classtype:trojan-activity;sid:84515072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651973/; classtype:trojan-activity;sid:84515073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651974/; classtype:trojan-activity;sid:84515074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651975/; classtype:trojan-activity;sid:84515075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651976/; classtype:trojan-activity;sid:84515076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651977/; classtype:trojan-activity;sid:84515077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651967/; classtype:trojan-activity;sid:84515067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651968/; classtype:trojan-activity;sid:84515068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651966/; classtype:trojan-activity;sid:84515066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651963/; classtype:trojan-activity;sid:84515063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651964/; classtype:trojan-activity;sid:84515064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651959/; classtype:trojan-activity;sid:84515059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651961/; classtype:trojan-activity;sid:84515061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651962/; classtype:trojan-activity;sid:84515062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651958/; classtype:trojan-activity;sid:84515058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651956/; classtype:trojan-activity;sid:84515056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651957/; classtype:trojan-activity;sid:84515057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651955/; classtype:trojan-activity;sid:84515055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651954/; classtype:trojan-activity;sid:84515054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651952/; classtype:trojan-activity;sid:84515052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651953/; classtype:trojan-activity;sid:84515053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651951/; classtype:trojan-activity;sid:84515051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651949/; classtype:trojan-activity;sid:84515049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651950/; classtype:trojan-activity;sid:84515050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651944/; classtype:trojan-activity;sid:84515044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651945/; classtype:trojan-activity;sid:84515045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/11032020101348/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651946/; classtype:trojan-activity;sid:84515046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651947/; classtype:trojan-activity;sid:84515047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651948/; classtype:trojan-activity;sid:84515048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651943/; classtype:trojan-activity;sid:84515043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651942/; classtype:trojan-activity;sid:84515042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651937/; classtype:trojan-activity;sid:84515037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651938/; classtype:trojan-activity;sid:84515038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651939/; classtype:trojan-activity;sid:84515039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651940)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651940/; classtype:trojan-activity;sid:84515040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651941/; classtype:trojan-activity;sid:84515041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651933/; classtype:trojan-activity;sid:84515033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651934/; classtype:trojan-activity;sid:84515034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651935/; classtype:trojan-activity;sid:84515035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651936/; classtype:trojan-activity;sid:84515036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651931/; classtype:trojan-activity;sid:84515031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651932/; classtype:trojan-activity;sid:84515032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651930/; classtype:trojan-activity;sid:84515030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651928/; classtype:trojan-activity;sid:84515028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651929/; classtype:trojan-activity;sid:84515029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651926/; classtype:trojan-activity;sid:84515026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651927/; classtype:trojan-activity;sid:84515027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651921/; classtype:trojan-activity;sid:84515021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651923/; classtype:trojan-activity;sid:84515023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651924/; classtype:trojan-activity;sid:84515024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651925/; classtype:trojan-activity;sid:84515025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651919)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651919/; classtype:trojan-activity;sid:84515019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651920)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651920/; classtype:trojan-activity;sid:84515020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651915/; classtype:trojan-activity;sid:84515015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651918/; classtype:trojan-activity;sid:84515018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651913/; classtype:trojan-activity;sid:84515013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651914/; classtype:trojan-activity;sid:84515014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651909/; classtype:trojan-activity;sid:84515009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651910/; classtype:trojan-activity;sid:84515010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651911)"; flow:established,from_client; content:"GET"; http_method; content:"/update/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651911/; classtype:trojan-activity;sid:84515011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651912/; classtype:trojan-activity;sid:84515012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240525-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651904/; classtype:trojan-activity;sid:84515004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651905/; classtype:trojan-activity;sid:84515005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651906/; classtype:trojan-activity;sid:84515006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651907/; classtype:trojan-activity;sid:84515007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651908)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651908/; classtype:trojan-activity;sid:84515008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651901/; classtype:trojan-activity;sid:84515001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651902/; classtype:trojan-activity;sid:84515002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651903/; classtype:trojan-activity;sid:84515003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651899/; classtype:trojan-activity;sid:84514999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651900/; classtype:trojan-activity;sid:84515000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651896/; classtype:trojan-activity;sid:84514996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651897/; classtype:trojan-activity;sid:84514997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651898/; classtype:trojan-activity;sid:84514998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651894/; classtype:trojan-activity;sid:84514994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651895/; classtype:trojan-activity;sid:84514995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651892/; classtype:trojan-activity;sid:84514992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651893/; classtype:trojan-activity;sid:84514993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651890/; classtype:trojan-activity;sid:84514990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651891/; classtype:trojan-activity;sid:84514991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651886)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651886/; classtype:trojan-activity;sid:84514986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651887/; classtype:trojan-activity;sid:84514987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651888/; classtype:trojan-activity;sid:84514988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651889/; classtype:trojan-activity;sid:84514989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651884/; classtype:trojan-activity;sid:84514984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651885/; classtype:trojan-activity;sid:84514985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240308-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651880/; classtype:trojan-activity;sid:84514980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651881/; classtype:trojan-activity;sid:84514981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651882/; classtype:trojan-activity;sid:84514982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651877/; classtype:trojan-activity;sid:84514977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651878/; classtype:trojan-activity;sid:84514978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651879/; classtype:trojan-activity;sid:84514979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651874/; classtype:trojan-activity;sid:84514974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651875/; classtype:trojan-activity;sid:84514975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651876/; classtype:trojan-activity;sid:84514976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651867/; classtype:trojan-activity;sid:84514967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651868/; classtype:trojan-activity;sid:84514968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651869/; classtype:trojan-activity;sid:84514969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651870/; classtype:trojan-activity;sid:84514970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651871/; classtype:trojan-activity;sid:84514971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651872/; classtype:trojan-activity;sid:84514972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651873/; classtype:trojan-activity;sid:84514973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651866/; classtype:trojan-activity;sid:84514966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651865/; classtype:trojan-activity;sid:84514965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651861/; classtype:trojan-activity;sid:84514961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651862/; classtype:trojan-activity;sid:84514962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651863/; classtype:trojan-activity;sid:84514963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651859/; classtype:trojan-activity;sid:84514959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651860/; classtype:trojan-activity;sid:84514960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651858)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651858/; classtype:trojan-activity;sid:84514958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651857/; classtype:trojan-activity;sid:84514957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651855/; classtype:trojan-activity;sid:84514955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220913-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651856/; classtype:trojan-activity;sid:84514956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651854/; classtype:trojan-activity;sid:84514954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651852/; classtype:trojan-activity;sid:84514952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651853/; classtype:trojan-activity;sid:84514953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651849/; classtype:trojan-activity;sid:84514949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651850/; classtype:trojan-activity;sid:84514950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-31/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651848/; classtype:trojan-activity;sid:84514948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651845/; classtype:trojan-activity;sid:84514945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651846/; classtype:trojan-activity;sid:84514946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651844/; classtype:trojan-activity;sid:84514944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651836/; classtype:trojan-activity;sid:84514936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651837/; classtype:trojan-activity;sid:84514937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651838/; classtype:trojan-activity;sid:84514938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651839/; classtype:trojan-activity;sid:84514939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651840/; classtype:trojan-activity;sid:84514940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651841/; classtype:trojan-activity;sid:84514941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651842/; classtype:trojan-activity;sid:84514942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651834/; classtype:trojan-activity;sid:84514934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651835/; classtype:trojan-activity;sid:84514935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651832/; classtype:trojan-activity;sid:84514932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651833/; classtype:trojan-activity;sid:84514933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651828)"; flow:established,from_client; content:"GET"; http_method; content:"/dddrupdate/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651828/; classtype:trojan-activity;sid:84514928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651829/; classtype:trojan-activity;sid:84514929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651830/; classtype:trojan-activity;sid:84514930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651831/; classtype:trojan-activity;sid:84514931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651827/; classtype:trojan-activity;sid:84514927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651822/; classtype:trojan-activity;sid:84514922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651823/; classtype:trojan-activity;sid:84514923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651824/; classtype:trojan-activity;sid:84514924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651825/; classtype:trojan-activity;sid:84514925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651826/; classtype:trojan-activity;sid:84514926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-05-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651820/; classtype:trojan-activity;sid:84514920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651821/; classtype:trojan-activity;sid:84514921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651819/; classtype:trojan-activity;sid:84514919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651813/; classtype:trojan-activity;sid:84514913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651814/; classtype:trojan-activity;sid:84514914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651816/; classtype:trojan-activity;sid:84514916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651817/; classtype:trojan-activity;sid:84514917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651818/; classtype:trojan-activity;sid:84514918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651811/; classtype:trojan-activity;sid:84514911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651812/; classtype:trojan-activity;sid:84514912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651809)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221213-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651809/; classtype:trojan-activity;sid:84514909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651808/; classtype:trojan-activity;sid:84514908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651806/; classtype:trojan-activity;sid:84514906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651807/; classtype:trojan-activity;sid:84514907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651802/; classtype:trojan-activity;sid:84514902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651803/; classtype:trojan-activity;sid:84514903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651804/; classtype:trojan-activity;sid:84514904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651805/; classtype:trojan-activity;sid:84514905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230415-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651800/; classtype:trojan-activity;sid:84514900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651801/; classtype:trojan-activity;sid:84514901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651798/; classtype:trojan-activity;sid:84514898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651799)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651799/; classtype:trojan-activity;sid:84514899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651796/; classtype:trojan-activity;sid:84514896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651797/; classtype:trojan-activity;sid:84514897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230511-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651794/; classtype:trojan-activity;sid:84514894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651795/; classtype:trojan-activity;sid:84514895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651791)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230414-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651791/; classtype:trojan-activity;sid:84514891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651792/; classtype:trojan-activity;sid:84514892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651793)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230508-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651793/; classtype:trojan-activity;sid:84514893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651788)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221219-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651788/; classtype:trojan-activity;sid:84514888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651789/; classtype:trojan-activity;sid:84514889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651787/; classtype:trojan-activity;sid:84514887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651782/; classtype:trojan-activity;sid:84514882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651783/; classtype:trojan-activity;sid:84514883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651784)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230922-167/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651784/; classtype:trojan-activity;sid:84514884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651785/; classtype:trojan-activity;sid:84514885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651786/; classtype:trojan-activity;sid:84514886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651777/; classtype:trojan-activity;sid:84514877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651778/; classtype:trojan-activity;sid:84514878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651779)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240527-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651779/; classtype:trojan-activity;sid:84514879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651781/; classtype:trojan-activity;sid:84514881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651774/; classtype:trojan-activity;sid:84514874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651775/; classtype:trojan-activity;sid:84514875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651776/; classtype:trojan-activity;sid:84514876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651770/; classtype:trojan-activity;sid:84514870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651771/; classtype:trojan-activity;sid:84514871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651772/; classtype:trojan-activity;sid:84514872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651768/; classtype:trojan-activity;sid:84514868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651769/; classtype:trojan-activity;sid:84514869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651767/; classtype:trojan-activity;sid:84514867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651763/; classtype:trojan-activity;sid:84514863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651764/; classtype:trojan-activity;sid:84514864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651765/; classtype:trojan-activity;sid:84514865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651760/; classtype:trojan-activity;sid:84514860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651761/; classtype:trojan-activity;sid:84514861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651762/; classtype:trojan-activity;sid:84514862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651755/; classtype:trojan-activity;sid:84514855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651756/; classtype:trojan-activity;sid:84514856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651757/; classtype:trojan-activity;sid:84514857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651758/; classtype:trojan-activity;sid:84514858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651759/; classtype:trojan-activity;sid:84514859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651753/; classtype:trojan-activity;sid:84514853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651754/; classtype:trojan-activity;sid:84514854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651751/; classtype:trojan-activity;sid:84514851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651750/; classtype:trojan-activity;sid:84514850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651741/; classtype:trojan-activity;sid:84514841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651742/; classtype:trojan-activity;sid:84514842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651743)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pbdll/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651743/; classtype:trojan-activity;sid:84514843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651744/; classtype:trojan-activity;sid:84514844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651745/; classtype:trojan-activity;sid:84514845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651746/; classtype:trojan-activity;sid:84514846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651747/; classtype:trojan-activity;sid:84514847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651748/; classtype:trojan-activity;sid:84514848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651749)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651749/; classtype:trojan-activity;sid:84514849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651740/; classtype:trojan-activity;sid:84514840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651734/; classtype:trojan-activity;sid:84514834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651735/; classtype:trojan-activity;sid:84514835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651736/; classtype:trojan-activity;sid:84514836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651737/; classtype:trojan-activity;sid:84514837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651739/; classtype:trojan-activity;sid:84514839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651733)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231213-078/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651733/; classtype:trojan-activity;sid:84514833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651730/; classtype:trojan-activity;sid:84514830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651731/; classtype:trojan-activity;sid:84514831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651732/; classtype:trojan-activity;sid:84514832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651729/; classtype:trojan-activity;sid:84514829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651728/; classtype:trojan-activity;sid:84514828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651726/; classtype:trojan-activity;sid:84514826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651725/; classtype:trojan-activity;sid:84514825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651720/; classtype:trojan-activity;sid:84514820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651721/; classtype:trojan-activity;sid:84514821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651722/; classtype:trojan-activity;sid:84514822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651723/; classtype:trojan-activity;sid:84514823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651724/; classtype:trojan-activity;sid:84514824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651719)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/goods/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651719/; classtype:trojan-activity;sid:84514819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651717/; classtype:trojan-activity;sid:84514817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651718/; classtype:trojan-activity;sid:84514818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651716/; classtype:trojan-activity;sid:84514816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651715/; classtype:trojan-activity;sid:84514815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651713/; classtype:trojan-activity;sid:84514813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651710/; classtype:trojan-activity;sid:84514810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651711/; classtype:trojan-activity;sid:84514811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651712)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231026-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651712/; classtype:trojan-activity;sid:84514812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651709/; classtype:trojan-activity;sid:84514809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651707/; classtype:trojan-activity;sid:84514807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651708/; classtype:trojan-activity;sid:84514808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651704)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651704/; classtype:trojan-activity;sid:84514804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651705/; classtype:trojan-activity;sid:84514805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651706/; classtype:trojan-activity;sid:84514806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230607-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651698/; classtype:trojan-activity;sid:84514798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651699/; classtype:trojan-activity;sid:84514799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651700/; classtype:trojan-activity;sid:84514800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651701/; classtype:trojan-activity;sid:84514801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651702/; classtype:trojan-activity;sid:84514802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651695/; classtype:trojan-activity;sid:84514795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651696/; classtype:trojan-activity;sid:84514796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651697/; classtype:trojan-activity;sid:84514797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651693/; classtype:trojan-activity;sid:84514793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651694/; classtype:trojan-activity;sid:84514794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651691/; classtype:trojan-activity;sid:84514791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651692/; classtype:trojan-activity;sid:84514792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651687/; classtype:trojan-activity;sid:84514787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651688/; classtype:trojan-activity;sid:84514788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651689/; classtype:trojan-activity;sid:84514789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651690/; classtype:trojan-activity;sid:84514790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651682/; classtype:trojan-activity;sid:84514782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651683/; classtype:trojan-activity;sid:84514783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651684/; classtype:trojan-activity;sid:84514784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651681/; classtype:trojan-activity;sid:84514781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651680/; classtype:trojan-activity;sid:84514780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651679/; classtype:trojan-activity;sid:84514779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651678/; classtype:trojan-activity;sid:84514778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651673)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pbdll/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651673/; classtype:trojan-activity;sid:84514773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651674)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240722-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651674/; classtype:trojan-activity;sid:84514774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651676/; classtype:trojan-activity;sid:84514776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651677/; classtype:trojan-activity;sid:84514777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651668/; classtype:trojan-activity;sid:84514768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651669/; classtype:trojan-activity;sid:84514769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651670/; classtype:trojan-activity;sid:84514770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651671/; classtype:trojan-activity;sid:84514771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230213-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651672/; classtype:trojan-activity;sid:84514772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651667/; classtype:trojan-activity;sid:84514767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651663/; classtype:trojan-activity;sid:84514763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651664/; classtype:trojan-activity;sid:84514764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651665/; classtype:trojan-activity;sid:84514765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651666/; classtype:trojan-activity;sid:84514766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651662)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651662/; classtype:trojan-activity;sid:84514762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651655/; classtype:trojan-activity;sid:84514755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651656/; classtype:trojan-activity;sid:84514756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651657/; classtype:trojan-activity;sid:84514757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651658/; classtype:trojan-activity;sid:84514758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651659/; classtype:trojan-activity;sid:84514759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651660)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651660/; classtype:trojan-activity;sid:84514760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651661/; classtype:trojan-activity;sid:84514761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651650/; classtype:trojan-activity;sid:84514750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651651/; classtype:trojan-activity;sid:84514751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651652/; classtype:trojan-activity;sid:84514752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651653/; classtype:trojan-activity;sid:84514753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651654/; classtype:trojan-activity;sid:84514754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651645/; classtype:trojan-activity;sid:84514745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651646/; classtype:trojan-activity;sid:84514746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651647/; classtype:trojan-activity;sid:84514747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651648/; classtype:trojan-activity;sid:84514748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651649/; classtype:trojan-activity;sid:84514749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651639/; classtype:trojan-activity;sid:84514739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651640/; classtype:trojan-activity;sid:84514740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651641/; classtype:trojan-activity;sid:84514741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651642/; classtype:trojan-activity;sid:84514742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651643/; classtype:trojan-activity;sid:84514743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651644/; classtype:trojan-activity;sid:84514744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651632/; classtype:trojan-activity;sid:84514732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651633/; classtype:trojan-activity;sid:84514733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651634/; classtype:trojan-activity;sid:84514734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651635/; classtype:trojan-activity;sid:84514735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651636/; classtype:trojan-activity;sid:84514736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651637/; classtype:trojan-activity;sid:84514737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651630/; classtype:trojan-activity;sid:84514730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651631/; classtype:trojan-activity;sid:84514731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651628/; classtype:trojan-activity;sid:84514728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651622/; classtype:trojan-activity;sid:84514722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651623/; classtype:trojan-activity;sid:84514723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651624/; classtype:trojan-activity;sid:84514724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651625/; classtype:trojan-activity;sid:84514725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651626/; classtype:trojan-activity;sid:84514726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651620/; classtype:trojan-activity;sid:84514720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651621/; classtype:trojan-activity;sid:84514721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651619/; classtype:trojan-activity;sid:84514719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651617/; classtype:trojan-activity;sid:84514717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651618)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651618/; classtype:trojan-activity;sid:84514718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651616/; classtype:trojan-activity;sid:84514716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651615/; classtype:trojan-activity;sid:84514715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651614/; classtype:trojan-activity;sid:84514714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651613/; classtype:trojan-activity;sid:84514713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651611/; classtype:trojan-activity;sid:84514711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/images/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651612/; classtype:trojan-activity;sid:84514712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651610)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230323-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651610/; classtype:trojan-activity;sid:84514710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221019-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651607/; classtype:trojan-activity;sid:84514707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651608/; classtype:trojan-activity;sid:84514708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651609/; classtype:trojan-activity;sid:84514709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651606)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651606/; classtype:trojan-activity;sid:84514706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651605/; classtype:trojan-activity;sid:84514705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651603/; classtype:trojan-activity;sid:84514703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651604/; classtype:trojan-activity;sid:84514704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651598/; classtype:trojan-activity;sid:84514698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651599/; classtype:trojan-activity;sid:84514699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651601/; classtype:trojan-activity;sid:84514701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651602/; classtype:trojan-activity;sid:84514702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651591/; classtype:trojan-activity;sid:84514691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651593/; classtype:trojan-activity;sid:84514693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651594/; classtype:trojan-activity;sid:84514694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651595/; classtype:trojan-activity;sid:84514695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651596/; classtype:trojan-activity;sid:84514696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651597/; classtype:trojan-activity;sid:84514697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651587/; classtype:trojan-activity;sid:84514687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651588/; classtype:trojan-activity;sid:84514688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651589/; classtype:trojan-activity;sid:84514689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651590/; classtype:trojan-activity;sid:84514690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651583/; classtype:trojan-activity;sid:84514683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651584/; classtype:trojan-activity;sid:84514684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651585/; classtype:trojan-activity;sid:84514685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651586/; classtype:trojan-activity;sid:84514686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651582/; classtype:trojan-activity;sid:84514682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651580/; classtype:trojan-activity;sid:84514680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651581/; classtype:trojan-activity;sid:84514681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651579/; classtype:trojan-activity;sid:84514679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651577/; classtype:trojan-activity;sid:84514677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651578/; classtype:trojan-activity;sid:84514678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651573/; classtype:trojan-activity;sid:84514673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651574/; classtype:trojan-activity;sid:84514674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651575/; classtype:trojan-activity;sid:84514675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651576/; classtype:trojan-activity;sid:84514676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651570/; classtype:trojan-activity;sid:84514670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651571/; classtype:trojan-activity;sid:84514671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651572)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651572/; classtype:trojan-activity;sid:84514672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651567/; classtype:trojan-activity;sid:84514667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651568/; classtype:trojan-activity;sid:84514668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230503-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651569/; classtype:trojan-activity;sid:84514669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651565/; classtype:trojan-activity;sid:84514665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651566/; classtype:trojan-activity;sid:84514666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651564/; classtype:trojan-activity;sid:84514664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651562/; classtype:trojan-activity;sid:84514662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651560/; classtype:trojan-activity;sid:84514660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651561/; classtype:trojan-activity;sid:84514661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651558/; classtype:trojan-activity;sid:84514658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651559/; classtype:trojan-activity;sid:84514659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651553/; classtype:trojan-activity;sid:84514653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651554/; classtype:trojan-activity;sid:84514654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651555/; classtype:trojan-activity;sid:84514655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651556)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651556/; classtype:trojan-activity;sid:84514656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651557/; classtype:trojan-activity;sid:84514657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651548/; classtype:trojan-activity;sid:84514648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651549/; classtype:trojan-activity;sid:84514649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651550/; classtype:trojan-activity;sid:84514650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651551/; classtype:trojan-activity;sid:84514651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651552/; classtype:trojan-activity;sid:84514652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240619-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651547/; classtype:trojan-activity;sid:84514647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651545/; classtype:trojan-activity;sid:84514645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651546/; classtype:trojan-activity;sid:84514646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651539/; classtype:trojan-activity;sid:84514639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220929-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651540/; classtype:trojan-activity;sid:84514640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651541)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651541/; classtype:trojan-activity;sid:84514641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651542/; classtype:trojan-activity;sid:84514642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651543)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651543/; classtype:trojan-activity;sid:84514643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651544/; classtype:trojan-activity;sid:84514644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651532/; classtype:trojan-activity;sid:84514632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651533/; classtype:trojan-activity;sid:84514633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651534/; classtype:trojan-activity;sid:84514634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-07-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651535/; classtype:trojan-activity;sid:84514635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651536/; classtype:trojan-activity;sid:84514636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651537/; classtype:trojan-activity;sid:84514637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221209-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651538/; classtype:trojan-activity;sid:84514638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651530/; classtype:trojan-activity;sid:84514630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651531/; classtype:trojan-activity;sid:84514631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651528/; classtype:trojan-activity;sid:84514628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651529/; classtype:trojan-activity;sid:84514629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651527/; classtype:trojan-activity;sid:84514627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651526/; classtype:trojan-activity;sid:84514626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651525/; classtype:trojan-activity;sid:84514625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651524/; classtype:trojan-activity;sid:84514624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651521/; classtype:trojan-activity;sid:84514621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651522/; classtype:trojan-activity;sid:84514622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651523/; classtype:trojan-activity;sid:84514623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651520/; classtype:trojan-activity;sid:84514620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651519/; classtype:trojan-activity;sid:84514619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651516/; classtype:trojan-activity;sid:84514616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651517/; classtype:trojan-activity;sid:84514617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651518/; classtype:trojan-activity;sid:84514618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651515/; classtype:trojan-activity;sid:84514615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651512/; classtype:trojan-activity;sid:84514612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651514/; classtype:trojan-activity;sid:84514614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651511/; classtype:trojan-activity;sid:84514611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651510/; classtype:trojan-activity;sid:84514610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651506/; classtype:trojan-activity;sid:84514606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651507/; classtype:trojan-activity;sid:84514607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651508/; classtype:trojan-activity;sid:84514608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651504/; classtype:trojan-activity;sid:84514604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651505/; classtype:trojan-activity;sid:84514605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651502/; classtype:trojan-activity;sid:84514602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651503/; classtype:trojan-activity;sid:84514603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651494)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651494/; classtype:trojan-activity;sid:84514594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651491)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651491/; classtype:trojan-activity;sid:84514591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651489/; classtype:trojan-activity;sid:84514589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651481)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651481/; classtype:trojan-activity;sid:84514581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651480)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651480/; classtype:trojan-activity;sid:84514580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651479)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651479/; classtype:trojan-activity;sid:84514579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651477/; classtype:trojan-activity;sid:84514577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651476/; classtype:trojan-activity;sid:84514576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651475)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651475/; classtype:trojan-activity;sid:84514575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651443)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651443/; classtype:trojan-activity;sid:84514543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651440)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651440/; classtype:trojan-activity;sid:84514540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651438)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.rem0925.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651438/; classtype:trojan-activity;sid:84514538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651304)"; flow:established,from_client; content:"GET"; http_method; content:"/download/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.104.31.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651304/; classtype:trojan-activity;sid:84514404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651299/; classtype:trojan-activity;sid:84514399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651271)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoorbak.sct"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.22.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651271/; classtype:trojan-activity;sid:84514371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651258)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_windows_i386.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"38.162.112.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651258/; classtype:trojan-activity;sid:84514358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651237/; classtype:trojan-activity;sid:84514337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651236)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651236/; classtype:trojan-activity;sid:84514336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651235)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651235/; classtype:trojan-activity;sid:84514335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651234)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651234/; classtype:trojan-activity;sid:84514334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651232)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651232/; classtype:trojan-activity;sid:84514332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651233)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651233/; classtype:trojan-activity;sid:84514333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651231)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/remoteblobstore/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651231/; classtype:trojan-activity;sid:84514331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651230)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651230/; classtype:trojan-activity;sid:84514330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651229)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651229/; classtype:trojan-activity;sid:84514329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651228/; classtype:trojan-activity;sid:84514328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651227)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"145.249.186.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651227/; classtype:trojan-activity;sid:84514327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651226)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651226/; classtype:trojan-activity;sid:84514326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651225/; classtype:trojan-activity;sid:84514325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651224)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651224/; classtype:trojan-activity;sid:84514324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651223/; classtype:trojan-activity;sid:84514323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651222)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651222/; classtype:trojan-activity;sid:84514322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651221/; classtype:trojan-activity;sid:84514321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651220/; classtype:trojan-activity;sid:84514320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651219)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651219/; classtype:trojan-activity;sid:84514319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651218/; classtype:trojan-activity;sid:84514318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651217)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651217/; classtype:trojan-activity;sid:84514317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651216)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651216/; classtype:trojan-activity;sid:84514316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651215/; classtype:trojan-activity;sid:84514315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651214)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651214/; classtype:trojan-activity;sid:84514314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651213)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651213/; classtype:trojan-activity;sid:84514313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651212)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651212/; classtype:trojan-activity;sid:84514312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651211)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651211/; classtype:trojan-activity;sid:84514311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651210)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651210/; classtype:trojan-activity;sid:84514310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651209)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651209/; classtype:trojan-activity;sid:84514309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651208)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651208/; classtype:trojan-activity;sid:84514308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651206/; classtype:trojan-activity;sid:84514306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651207/; classtype:trojan-activity;sid:84514307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651205)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651205/; classtype:trojan-activity;sid:84514305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651204)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651204/; classtype:trojan-activity;sid:84514304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651203)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651203/; classtype:trojan-activity;sid:84514303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651202)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651202/; classtype:trojan-activity;sid:84514302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651200)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651200/; classtype:trojan-activity;sid:84514300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651199/; classtype:trojan-activity;sid:84514299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651198)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651198/; classtype:trojan-activity;sid:84514298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651196/; classtype:trojan-activity;sid:84514296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651197)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651197/; classtype:trojan-activity;sid:84514297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651195/; classtype:trojan-activity;sid:84514295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651192/; classtype:trojan-activity;sid:84514292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651193)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651193/; classtype:trojan-activity;sid:84514293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651190)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651190/; classtype:trojan-activity;sid:84514290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651188/; classtype:trojan-activity;sid:84514288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651189)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651189/; classtype:trojan-activity;sid:84514289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651187)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651187/; classtype:trojan-activity;sid:84514287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651186/; classtype:trojan-activity;sid:84514286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651184/; classtype:trojan-activity;sid:84514284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651181)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651181/; classtype:trojan-activity;sid:84514281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651182/; classtype:trojan-activity;sid:84514282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651183/; classtype:trojan-activity;sid:84514283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651178)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651178/; classtype:trojan-activity;sid:84514278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651179)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651179/; classtype:trojan-activity;sid:84514279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651175)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651175/; classtype:trojan-activity;sid:84514275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651176)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651176/; classtype:trojan-activity;sid:84514276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651172/; classtype:trojan-activity;sid:84514272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651171/; classtype:trojan-activity;sid:84514271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651170)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651170/; classtype:trojan-activity;sid:84514270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651168/; classtype:trojan-activity;sid:84514268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651169/; classtype:trojan-activity;sid:84514269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651167/; classtype:trojan-activity;sid:84514267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651165/; classtype:trojan-activity;sid:84514265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651163)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651163/; classtype:trojan-activity;sid:84514263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651162)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651162/; classtype:trojan-activity;sid:84514262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651158)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651158/; classtype:trojan-activity;sid:84514258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651159/; classtype:trojan-activity;sid:84514259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651156/; classtype:trojan-activity;sid:84514256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651157/; classtype:trojan-activity;sid:84514257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651155/; classtype:trojan-activity;sid:84514255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651151/; classtype:trojan-activity;sid:84514251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651149/; classtype:trojan-activity;sid:84514249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651150/; classtype:trojan-activity;sid:84514250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651146)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651146/; classtype:trojan-activity;sid:84514246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651147)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651147/; classtype:trojan-activity;sid:84514247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651145)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651145/; classtype:trojan-activity;sid:84514245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651144/; classtype:trojan-activity;sid:84514244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651139/; classtype:trojan-activity;sid:84514239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651142/; classtype:trojan-activity;sid:84514242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651137)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651137/; classtype:trojan-activity;sid:84514237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651135/; classtype:trojan-activity;sid:84514235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651136/; classtype:trojan-activity;sid:84514236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651126)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.105.18.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651126/; classtype:trojan-activity;sid:84514226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651128)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651128/; classtype:trojan-activity;sid:84514228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651129/; classtype:trojan-activity;sid:84514229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651130)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651130/; classtype:trojan-activity;sid:84514230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651131)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651131/; classtype:trojan-activity;sid:84514231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651132)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651132/; classtype:trojan-activity;sid:84514232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651125/; classtype:trojan-activity;sid:84514225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651124)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651124/; classtype:trojan-activity;sid:84514224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651120)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651120/; classtype:trojan-activity;sid:84514220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651115)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651115/; classtype:trojan-activity;sid:84514215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/2052/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651116/; classtype:trojan-activity;sid:84514216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651114/; classtype:trojan-activity;sid:84514214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651113/; classtype:trojan-activity;sid:84514213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651111/; classtype:trojan-activity;sid:84514211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651109/; classtype:trojan-activity;sid:84514209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651108)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651108/; classtype:trojan-activity;sid:84514208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651107)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651107/; classtype:trojan-activity;sid:84514207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651106/; classtype:trojan-activity;sid:84514206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651105/; classtype:trojan-activity;sid:84514205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651104)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651104/; classtype:trojan-activity;sid:84514204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651102/; classtype:trojan-activity;sid:84514202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651103)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651103/; classtype:trojan-activity;sid:84514203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651097)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651097/; classtype:trojan-activity;sid:84514197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651098/; classtype:trojan-activity;sid:84514198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651095/; classtype:trojan-activity;sid:84514195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651096/; classtype:trojan-activity;sid:84514196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651092/; classtype:trojan-activity;sid:84514192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651090/; classtype:trojan-activity;sid:84514190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651088/; classtype:trojan-activity;sid:84514188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651084)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651084/; classtype:trojan-activity;sid:84514184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651082)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.39.111.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651082/; classtype:trojan-activity;sid:84514182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651078/; classtype:trojan-activity;sid:84514178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651079/; classtype:trojan-activity;sid:84514179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651076)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651076/; classtype:trojan-activity;sid:84514176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651077/; classtype:trojan-activity;sid:84514177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651075)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651075/; classtype:trojan-activity;sid:84514175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651071/; classtype:trojan-activity;sid:84514171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651067/; classtype:trojan-activity;sid:84514167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-05-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651061/; classtype:trojan-activity;sid:84514161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651056/; classtype:trojan-activity;sid:84514156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651055)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651055/; classtype:trojan-activity;sid:84514155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651054/; classtype:trojan-activity;sid:84514154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651053/; classtype:trojan-activity;sid:84514153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651051)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651051/; classtype:trojan-activity;sid:84514151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651049)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651049/; classtype:trojan-activity;sid:84514149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651048)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651048/; classtype:trojan-activity;sid:84514148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651047)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651047/; classtype:trojan-activity;sid:84514147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651046/; classtype:trojan-activity;sid:84514146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651045/; classtype:trojan-activity;sid:84514145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651044/; classtype:trojan-activity;sid:84514144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651043)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651043/; classtype:trojan-activity;sid:84514143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651041/; classtype:trojan-activity;sid:84514141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651038)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651038/; classtype:trojan-activity;sid:84514138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651039/; classtype:trojan-activity;sid:84514139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651037/; classtype:trojan-activity;sid:84514137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651036)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651036/; classtype:trojan-activity;sid:84514136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651035)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651035/; classtype:trojan-activity;sid:84514135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651034)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651034/; classtype:trojan-activity;sid:84514134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651032/; classtype:trojan-activity;sid:84514132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651031/; classtype:trojan-activity;sid:84514131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651030/; classtype:trojan-activity;sid:84514130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651029)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651029/; classtype:trojan-activity;sid:84514129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651028/; classtype:trojan-activity;sid:84514128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651027/; classtype:trojan-activity;sid:84514127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651025/; classtype:trojan-activity;sid:84514125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651024)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651024/; classtype:trojan-activity;sid:84514124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651022/; classtype:trojan-activity;sid:84514122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651021)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651021/; classtype:trojan-activity;sid:84514121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651020/; classtype:trojan-activity;sid:84514120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651019/; classtype:trojan-activity;sid:84514119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651017/; classtype:trojan-activity;sid:84514117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651016/; classtype:trojan-activity;sid:84514116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651012/; classtype:trojan-activity;sid:84514112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651013)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651013/; classtype:trojan-activity;sid:84514113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651014/; classtype:trojan-activity;sid:84514114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651015/; classtype:trojan-activity;sid:84514115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651011/; classtype:trojan-activity;sid:84514111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651009)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651009/; classtype:trojan-activity;sid:84514109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651006/; classtype:trojan-activity;sid:84514106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651007)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651007/; classtype:trojan-activity;sid:84514107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651004)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651004/; classtype:trojan-activity;sid:84514104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651003/; classtype:trojan-activity;sid:84514103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651000/; classtype:trojan-activity;sid:84514100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650999/; classtype:trojan-activity;sid:84514099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650998/; classtype:trojan-activity;sid:84514098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650996)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650996/; classtype:trojan-activity;sid:84514096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650997)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650997/; classtype:trojan-activity;sid:84514097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650995/; classtype:trojan-activity;sid:84514095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650993/; classtype:trojan-activity;sid:84514093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650994/; classtype:trojan-activity;sid:84514094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650991/; classtype:trojan-activity;sid:84514091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650989/; classtype:trojan-activity;sid:84514089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650990/; classtype:trojan-activity;sid:84514090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650987)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650987/; classtype:trojan-activity;sid:84514087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000565438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650986/; classtype:trojan-activity;sid:84514086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650985)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650985/; classtype:trojan-activity;sid:84514085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650984)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650984/; classtype:trojan-activity;sid:84514084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650983/; classtype:trojan-activity;sid:84514083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650982)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650982/; classtype:trojan-activity;sid:84514082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650980)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650980/; classtype:trojan-activity;sid:84514080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650978/; classtype:trojan-activity;sid:84514078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650975)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650975/; classtype:trojan-activity;sid:84514075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650974)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/ia64/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650974/; classtype:trojan-activity;sid:84514074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650972)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650972/; classtype:trojan-activity;sid:84514072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650971/; classtype:trojan-activity;sid:84514071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650970)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650970/; classtype:trojan-activity;sid:84514070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650968/; classtype:trojan-activity;sid:84514068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650967)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650967/; classtype:trojan-activity;sid:84514067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650966/; classtype:trojan-activity;sid:84514066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.15.210.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650965/; classtype:trojan-activity;sid:84514065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650963/; classtype:trojan-activity;sid:84514063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650961/; classtype:trojan-activity;sid:84514061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650962)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650962/; classtype:trojan-activity;sid:84514062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650959/; classtype:trojan-activity;sid:84514059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650958/; classtype:trojan-activity;sid:84514058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650956)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650956/; classtype:trojan-activity;sid:84514056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650955/; classtype:trojan-activity;sid:84514055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650954/; classtype:trojan-activity;sid:84514054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650951/; classtype:trojan-activity;sid:84514051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650950)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650950/; classtype:trojan-activity;sid:84514050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650948/; classtype:trojan-activity;sid:84514048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650949/; classtype:trojan-activity;sid:84514049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650947)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650947/; classtype:trojan-activity;sid:84514047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650945/; classtype:trojan-activity;sid:84514045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650946/; classtype:trojan-activity;sid:84514046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650944/; classtype:trojan-activity;sid:84514044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650943/; classtype:trojan-activity;sid:84514043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650942/; classtype:trojan-activity;sid:84514042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650941)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650941/; classtype:trojan-activity;sid:84514041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650940/; classtype:trojan-activity;sid:84514040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650939/; classtype:trojan-activity;sid:84514039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650938)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650938/; classtype:trojan-activity;sid:84514038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650937)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650937/; classtype:trojan-activity;sid:84514037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650936/; classtype:trojan-activity;sid:84514036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650934/; classtype:trojan-activity;sid:84514034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650932)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650932/; classtype:trojan-activity;sid:84514032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650930)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650930/; classtype:trojan-activity;sid:84514030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650931)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650931/; classtype:trojan-activity;sid:84514031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650928/; classtype:trojan-activity;sid:84514028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650926)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650926/; classtype:trojan-activity;sid:84514026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650925)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650925/; classtype:trojan-activity;sid:84514025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650924/; classtype:trojan-activity;sid:84514024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650922)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650922/; classtype:trojan-activity;sid:84514022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650919)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650919/; classtype:trojan-activity;sid:84514019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650916)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650916/; classtype:trojan-activity;sid:84514016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650917)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650917/; classtype:trojan-activity;sid:84514017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650915/; classtype:trojan-activity;sid:84514015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650914)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.194.127.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650914/; classtype:trojan-activity;sid:84514014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650912/; classtype:trojan-activity;sid:84514012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650913/; classtype:trojan-activity;sid:84514013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650909/; classtype:trojan-activity;sid:84514009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650910)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650910/; classtype:trojan-activity;sid:84514010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650906)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650906/; classtype:trojan-activity;sid:84514006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650902/; classtype:trojan-activity;sid:84514002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650903/; classtype:trojan-activity;sid:84514003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650904/; classtype:trojan-activity;sid:84514004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650900/; classtype:trojan-activity;sid:84514000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650897/; classtype:trojan-activity;sid:84513997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650898/; classtype:trojan-activity;sid:84513998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650896)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650896/; classtype:trojan-activity;sid:84513996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650892/; classtype:trojan-activity;sid:84513992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650891)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.38.217.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650891/; classtype:trojan-activity;sid:84513991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650889)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650889/; classtype:trojan-activity;sid:84513989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/js/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650888/; classtype:trojan-activity;sid:84513988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650887/; classtype:trojan-activity;sid:84513987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650884/; classtype:trojan-activity;sid:84513984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650885)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650885/; classtype:trojan-activity;sid:84513985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650886/; classtype:trojan-activity;sid:84513986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650880/; classtype:trojan-activity;sid:84513980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765366/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650881/; classtype:trojan-activity;sid:84513981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650882)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650882/; classtype:trojan-activity;sid:84513982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650874)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650874/; classtype:trojan-activity;sid:84513974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650873)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650873/; classtype:trojan-activity;sid:84513973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650871/; classtype:trojan-activity;sid:84513971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650872/; classtype:trojan-activity;sid:84513972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604319/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650870/; classtype:trojan-activity;sid:84513970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650869/; classtype:trojan-activity;sid:84513969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650868/; classtype:trojan-activity;sid:84513968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650866)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/ia64/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650866/; classtype:trojan-activity;sid:84513966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650864)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650864/; classtype:trojan-activity;sid:84513964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650863/; classtype:trojan-activity;sid:84513963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650862/; classtype:trojan-activity;sid:84513962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650861)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650861/; classtype:trojan-activity;sid:84513961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650860/; classtype:trojan-activity;sid:84513960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650859/; classtype:trojan-activity;sid:84513959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650857)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.64.40.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650857/; classtype:trojan-activity;sid:84513957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650856/; classtype:trojan-activity;sid:84513956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650855/; classtype:trojan-activity;sid:84513955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650853)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650853/; classtype:trojan-activity;sid:84513953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650851/; classtype:trojan-activity;sid:84513951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650852)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650852/; classtype:trojan-activity;sid:84513952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650849)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650849/; classtype:trojan-activity;sid:84513949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650850/; classtype:trojan-activity;sid:84513950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650846)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650846/; classtype:trojan-activity;sid:84513946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650843)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650843/; classtype:trojan-activity;sid:84513943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650844/; classtype:trojan-activity;sid:84513944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650841/; classtype:trojan-activity;sid:84513941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650842)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650842/; classtype:trojan-activity;sid:84513942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650837/; classtype:trojan-activity;sid:84513937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650835)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650835/; classtype:trojan-activity;sid:84513935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650830/; classtype:trojan-activity;sid:84513930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650831/; classtype:trojan-activity;sid:84513931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650829)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650829/; classtype:trojan-activity;sid:84513929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650827/; classtype:trojan-activity;sid:84513927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650828/; classtype:trojan-activity;sid:84513928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650825)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650825/; classtype:trojan-activity;sid:84513925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650826)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650826/; classtype:trojan-activity;sid:84513926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650824/; classtype:trojan-activity;sid:84513924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650823/; classtype:trojan-activity;sid:84513923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650821/; classtype:trojan-activity;sid:84513921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650822)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650822/; classtype:trojan-activity;sid:84513922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650820/; classtype:trojan-activity;sid:84513920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650817)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650817/; classtype:trojan-activity;sid:84513917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650818/; classtype:trojan-activity;sid:84513918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650814)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650814/; classtype:trojan-activity;sid:84513914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650815)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650815/; classtype:trojan-activity;sid:84513915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650812)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650812/; classtype:trojan-activity;sid:84513912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650810)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650810/; classtype:trojan-activity;sid:84513910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650808/; classtype:trojan-activity;sid:84513908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650809/; classtype:trojan-activity;sid:84513909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650805/; classtype:trojan-activity;sid:84513905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650806/; classtype:trojan-activity;sid:84513906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650807)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650807/; classtype:trojan-activity;sid:84513907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650804/; classtype:trojan-activity;sid:84513904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650800/; classtype:trojan-activity;sid:84513900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650801/; classtype:trojan-activity;sid:84513901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650802)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650802/; classtype:trojan-activity;sid:84513902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650803)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650803/; classtype:trojan-activity;sid:84513903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650796/; classtype:trojan-activity;sid:84513896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650797)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650797/; classtype:trojan-activity;sid:84513897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650793/; classtype:trojan-activity;sid:84513893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650794)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650794/; classtype:trojan-activity;sid:84513894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650791/; classtype:trojan-activity;sid:84513891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650792/; classtype:trojan-activity;sid:84513892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650789)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650789/; classtype:trojan-activity;sid:84513889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650787/; classtype:trojan-activity;sid:84513887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.67.9.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650785/; classtype:trojan-activity;sid:84513885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650783/; classtype:trojan-activity;sid:84513883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.67.9.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650784/; classtype:trojan-activity;sid:84513884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650782/; classtype:trojan-activity;sid:84513882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650781/; classtype:trojan-activity;sid:84513881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650777)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650777/; classtype:trojan-activity;sid:84513877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650778/; classtype:trojan-activity;sid:84513878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650779/; classtype:trojan-activity;sid:84513879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650776)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650776/; classtype:trojan-activity;sid:84513876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650774)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650774/; classtype:trojan-activity;sid:84513874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650775/; classtype:trojan-activity;sid:84513875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650773)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650773/; classtype:trojan-activity;sid:84513873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650772)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650772/; classtype:trojan-activity;sid:84513872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650770/; classtype:trojan-activity;sid:84513870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650771/; classtype:trojan-activity;sid:84513871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650769)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650769/; classtype:trojan-activity;sid:84513869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650767/; classtype:trojan-activity;sid:84513867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650768/; classtype:trojan-activity;sid:84513868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650765/; classtype:trojan-activity;sid:84513865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650763/; classtype:trojan-activity;sid:84513863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650760)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650760/; classtype:trojan-activity;sid:84513860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650758/; classtype:trojan-activity;sid:84513858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/watson/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650756/; classtype:trojan-activity;sid:84513856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650753/; classtype:trojan-activity;sid:84513853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x64/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650754/; classtype:trojan-activity;sid:84513854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650755)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650755/; classtype:trojan-activity;sid:84513855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650751/; classtype:trojan-activity;sid:84513851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650752)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650752/; classtype:trojan-activity;sid:84513852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650750)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650750/; classtype:trojan-activity;sid:84513850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650749/; classtype:trojan-activity;sid:84513849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650747)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650747/; classtype:trojan-activity;sid:84513847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650748/; classtype:trojan-activity;sid:84513848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650745)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.146.57.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650745/; classtype:trojan-activity;sid:84513845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650746/; classtype:trojan-activity;sid:84513846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650744/; classtype:trojan-activity;sid:84513844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650743/; classtype:trojan-activity;sid:84513843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650741/; classtype:trojan-activity;sid:84513841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650740)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650740/; classtype:trojan-activity;sid:84513840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650737)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650737/; classtype:trojan-activity;sid:84513837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650738)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650738/; classtype:trojan-activity;sid:84513838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650739/; classtype:trojan-activity;sid:84513839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650735/; classtype:trojan-activity;sid:84513835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650736/; classtype:trojan-activity;sid:84513836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650733/; classtype:trojan-activity;sid:84513833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650734)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/zh-chs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650734/; classtype:trojan-activity;sid:84513834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650731/; classtype:trojan-activity;sid:84513831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650730/; classtype:trojan-activity;sid:84513830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650727)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650727/; classtype:trojan-activity;sid:84513827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x86/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650728/; classtype:trojan-activity;sid:84513828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650729/; classtype:trojan-activity;sid:84513829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650726/; classtype:trojan-activity;sid:84513826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650723)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650723/; classtype:trojan-activity;sid:84513823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650722)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650722/; classtype:trojan-activity;sid:84513822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650720/; classtype:trojan-activity;sid:84513820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650719/; classtype:trojan-activity;sid:84513819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650718/; classtype:trojan-activity;sid:84513818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650713/; classtype:trojan-activity;sid:84513813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650714/; classtype:trojan-activity;sid:84513814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650715)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650715/; classtype:trojan-activity;sid:84513815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650712/; classtype:trojan-activity;sid:84513812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650711)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650711/; classtype:trojan-activity;sid:84513811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650709/; classtype:trojan-activity;sid:84513809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650708/; classtype:trojan-activity;sid:84513808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650706/; classtype:trojan-activity;sid:84513806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650707)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650707/; classtype:trojan-activity;sid:84513807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650703/; classtype:trojan-activity;sid:84513803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-01-14/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650701/; classtype:trojan-activity;sid:84513801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650702)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650702/; classtype:trojan-activity;sid:84513802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650700)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650700/; classtype:trojan-activity;sid:84513800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650697/; classtype:trojan-activity;sid:84513797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650696)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650696/; classtype:trojan-activity;sid:84513796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650694)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650694/; classtype:trojan-activity;sid:84513794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650693/; classtype:trojan-activity;sid:84513793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650692)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650692/; classtype:trojan-activity;sid:84513792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650691)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650691/; classtype:trojan-activity;sid:84513791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650690/; classtype:trojan-activity;sid:84513790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650688)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650688/; classtype:trojan-activity;sid:84513788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650689/; classtype:trojan-activity;sid:84513789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650686/; classtype:trojan-activity;sid:84513786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650687)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650687/; classtype:trojan-activity;sid:84513787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650685)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650685/; classtype:trojan-activity;sid:84513785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650683/; classtype:trojan-activity;sid:84513783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650684)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650684/; classtype:trojan-activity;sid:84513784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.216.198.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650682/; classtype:trojan-activity;sid:84513782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650678/; classtype:trojan-activity;sid:84513778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650679/; classtype:trojan-activity;sid:84513779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650676/; classtype:trojan-activity;sid:84513776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650673)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650673/; classtype:trojan-activity;sid:84513773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650674)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650674/; classtype:trojan-activity;sid:84513774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650675/; classtype:trojan-activity;sid:84513775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650672)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650672/; classtype:trojan-activity;sid:84513772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650671/; classtype:trojan-activity;sid:84513771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650670/; classtype:trojan-activity;sid:84513770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650667/; classtype:trojan-activity;sid:84513767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650664/; classtype:trojan-activity;sid:84513764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650665/; classtype:trojan-activity;sid:84513765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650662)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650662/; classtype:trojan-activity;sid:84513762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650663)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650663/; classtype:trojan-activity;sid:84513763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650659/; classtype:trojan-activity;sid:84513759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650657)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650657/; classtype:trojan-activity;sid:84513757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650655/; classtype:trojan-activity;sid:84513755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650654)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/images/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650654/; classtype:trojan-activity;sid:84513754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650653/; classtype:trojan-activity;sid:84513753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650650/; classtype:trojan-activity;sid:84513750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650652/; classtype:trojan-activity;sid:84513752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650649/; classtype:trojan-activity;sid:84513749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650647)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650647/; classtype:trojan-activity;sid:84513747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650645)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650645/; classtype:trojan-activity;sid:84513745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650646)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650646/; classtype:trojan-activity;sid:84513746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650644)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650644/; classtype:trojan-activity;sid:84513744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650643)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650643/; classtype:trojan-activity;sid:84513743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650642)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650642/; classtype:trojan-activity;sid:84513742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650641/; classtype:trojan-activity;sid:84513741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650640/; classtype:trojan-activity;sid:84513740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650638/; classtype:trojan-activity;sid:84513738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650639)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650639/; classtype:trojan-activity;sid:84513739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650636)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650636/; classtype:trojan-activity;sid:84513736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650637)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650637/; classtype:trojan-activity;sid:84513737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650633/; classtype:trojan-activity;sid:84513733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650632)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650632/; classtype:trojan-activity;sid:84513732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650631/; classtype:trojan-activity;sid:84513731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650629)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650629/; classtype:trojan-activity;sid:84513729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650630)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650630/; classtype:trojan-activity;sid:84513730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650624)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.213.164.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650624/; classtype:trojan-activity;sid:84513724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650626)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650626/; classtype:trojan-activity;sid:84513726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650622/; classtype:trojan-activity;sid:84513722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650619/; classtype:trojan-activity;sid:84513719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650620)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650620/; classtype:trojan-activity;sid:84513720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650618)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650618/; classtype:trojan-activity;sid:84513718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650617/; classtype:trojan-activity;sid:84513717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650616)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650616/; classtype:trojan-activity;sid:84513716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650615)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650615/; classtype:trojan-activity;sid:84513715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650614)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cpe90-146-57-238.liwest.at"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650614/; classtype:trojan-activity;sid:84513714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650611/; classtype:trojan-activity;sid:84513711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650612/; classtype:trojan-activity;sid:84513712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650610)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650610/; classtype:trojan-activity;sid:84513710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650609/; classtype:trojan-activity;sid:84513709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650608)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650608/; classtype:trojan-activity;sid:84513708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650607/; classtype:trojan-activity;sid:84513707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650606/; classtype:trojan-activity;sid:84513706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650605)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/querypr/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650605/; classtype:trojan-activity;sid:84513705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650604)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650604/; classtype:trojan-activity;sid:84513704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-06-19/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650600/; classtype:trojan-activity;sid:84513700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650601)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650601/; classtype:trojan-activity;sid:84513701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650598/; classtype:trojan-activity;sid:84513698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650596/; classtype:trojan-activity;sid:84513696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650597/; classtype:trojan-activity;sid:84513697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650595/; classtype:trojan-activity;sid:84513695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650593/; classtype:trojan-activity;sid:84513693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650594/; classtype:trojan-activity;sid:84513694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650592/; classtype:trojan-activity;sid:84513692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650588)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650588/; classtype:trojan-activity;sid:84513688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650590/; classtype:trojan-activity;sid:84513690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650585/; classtype:trojan-activity;sid:84513685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650586/; classtype:trojan-activity;sid:84513686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650575/; classtype:trojan-activity;sid:84513675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650576/; classtype:trojan-activity;sid:84513676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650580)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.96.25.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650580/; classtype:trojan-activity;sid:84513680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650581/; classtype:trojan-activity;sid:84513681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650571/; classtype:trojan-activity;sid:84513671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650573/; classtype:trojan-activity;sid:84513673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650570)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650570/; classtype:trojan-activity;sid:84513670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650568/; classtype:trojan-activity;sid:84513668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650569/; classtype:trojan-activity;sid:84513669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650566/; classtype:trojan-activity;sid:84513666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650567/; classtype:trojan-activity;sid:84513667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650565/; classtype:trojan-activity;sid:84513665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650563/; classtype:trojan-activity;sid:84513663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650564)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650564/; classtype:trojan-activity;sid:84513664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650562)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650562/; classtype:trojan-activity;sid:84513662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650560)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650560/; classtype:trojan-activity;sid:84513660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650561/; classtype:trojan-activity;sid:84513661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650558/; classtype:trojan-activity;sid:84513658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650559)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650559/; classtype:trojan-activity;sid:84513659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650554/; classtype:trojan-activity;sid:84513654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650555)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650555/; classtype:trojan-activity;sid:84513655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650552)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650552/; classtype:trojan-activity;sid:84513652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650553/; classtype:trojan-activity;sid:84513653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650551/; classtype:trojan-activity;sid:84513651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650550/; classtype:trojan-activity;sid:84513650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650549/; classtype:trojan-activity;sid:84513649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650548)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650548/; classtype:trojan-activity;sid:84513648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650546/; classtype:trojan-activity;sid:84513646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650544)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650544/; classtype:trojan-activity;sid:84513644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650545/; classtype:trojan-activity;sid:84513645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650543/; classtype:trojan-activity;sid:84513643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650542/; classtype:trojan-activity;sid:84513642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650541/; classtype:trojan-activity;sid:84513641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650539/; classtype:trojan-activity;sid:84513639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/1033/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650540/; classtype:trojan-activity;sid:84513640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650535/; classtype:trojan-activity;sid:84513635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650532)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650532/; classtype:trojan-activity;sid:84513632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/images/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650531/; classtype:trojan-activity;sid:84513631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650530)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650530/; classtype:trojan-activity;sid:84513630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650529/; classtype:trojan-activity;sid:84513629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650527/; classtype:trojan-activity;sid:84513627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650528/; classtype:trojan-activity;sid:84513628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650526/; classtype:trojan-activity;sid:84513626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650525/; classtype:trojan-activity;sid:84513625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650520/; classtype:trojan-activity;sid:84513620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650521/; classtype:trojan-activity;sid:84513621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650518/; classtype:trojan-activity;sid:84513618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650519/; classtype:trojan-activity;sid:84513619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650516/; classtype:trojan-activity;sid:84513616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650515/; classtype:trojan-activity;sid:84513615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-11-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650513/; classtype:trojan-activity;sid:84513613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650512/; classtype:trojan-activity;sid:84513612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650508/; classtype:trojan-activity;sid:84513608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650507/; classtype:trojan-activity;sid:84513607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650503/; classtype:trojan-activity;sid:84513603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650504/; classtype:trojan-activity;sid:84513604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650506/; classtype:trojan-activity;sid:84513606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650493/; classtype:trojan-activity;sid:84513593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562134/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650494/; classtype:trojan-activity;sid:84513594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650498/; classtype:trojan-activity;sid:84513598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650499/; classtype:trojan-activity;sid:84513599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650500/; classtype:trojan-activity;sid:84513600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650502/; classtype:trojan-activity;sid:84513602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650492)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650492/; classtype:trojan-activity;sid:84513592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650490)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650490/; classtype:trojan-activity;sid:84513590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-28/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650491/; classtype:trojan-activity;sid:84513591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650489)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650489/; classtype:trojan-activity;sid:84513589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650487/; classtype:trojan-activity;sid:84513587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650486)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650486/; classtype:trojan-activity;sid:84513586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650482/; classtype:trojan-activity;sid:84513582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650483/; classtype:trojan-activity;sid:84513583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650481)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650481/; classtype:trojan-activity;sid:84513581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650480/; classtype:trojan-activity;sid:84513580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650478)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650478/; classtype:trojan-activity;sid:84513578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650477/; classtype:trojan-activity;sid:84513577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650475)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650475/; classtype:trojan-activity;sid:84513575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650476/; classtype:trojan-activity;sid:84513576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650473)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650473/; classtype:trojan-activity;sid:84513573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650472/; classtype:trojan-activity;sid:84513572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650471)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650471/; classtype:trojan-activity;sid:84513571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650469/; classtype:trojan-activity;sid:84513569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650468/; classtype:trojan-activity;sid:84513568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650467/; classtype:trojan-activity;sid:84513567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650465/; classtype:trojan-activity;sid:84513565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650463)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650463/; classtype:trojan-activity;sid:84513563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650464)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650464/; classtype:trojan-activity;sid:84513564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650461/; classtype:trojan-activity;sid:84513561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650460)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650460/; classtype:trojan-activity;sid:84513560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650458)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650458/; classtype:trojan-activity;sid:84513558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650459)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650459/; classtype:trojan-activity;sid:84513559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650457/; classtype:trojan-activity;sid:84513557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650455)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/watson/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650455/; classtype:trojan-activity;sid:84513555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650454/; classtype:trojan-activity;sid:84513554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650450/; classtype:trojan-activity;sid:84513550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650451)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650451/; classtype:trojan-activity;sid:84513551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650449)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650449/; classtype:trojan-activity;sid:84513549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650446)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650446/; classtype:trojan-activity;sid:84513546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650447/; classtype:trojan-activity;sid:84513547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650443/; classtype:trojan-activity;sid:84513543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650444/; classtype:trojan-activity;sid:84513544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650441/; classtype:trojan-activity;sid:84513541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650440)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650440/; classtype:trojan-activity;sid:84513540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650439/; classtype:trojan-activity;sid:84513539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650438)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650438/; classtype:trojan-activity;sid:84513538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650434)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650434/; classtype:trojan-activity;sid:84513534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650431/; classtype:trojan-activity;sid:84513531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650432)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650432/; classtype:trojan-activity;sid:84513532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650433)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650433/; classtype:trojan-activity;sid:84513533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650428)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650428/; classtype:trojan-activity;sid:84513528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650429/; classtype:trojan-activity;sid:84513529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650430/; classtype:trojan-activity;sid:84513530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650426)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650426/; classtype:trojan-activity;sid:84513526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650424)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650424/; classtype:trojan-activity;sid:84513524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650425/; classtype:trojan-activity;sid:84513525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650423/; classtype:trojan-activity;sid:84513523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650420/; classtype:trojan-activity;sid:84513520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650421/; classtype:trojan-activity;sid:84513521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650422/; classtype:trojan-activity;sid:84513522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650418)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650418/; classtype:trojan-activity;sid:84513518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650415/; classtype:trojan-activity;sid:84513515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650416)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650416/; classtype:trojan-activity;sid:84513516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650412/; classtype:trojan-activity;sid:84513512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650413)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650413/; classtype:trojan-activity;sid:84513513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650410)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650410/; classtype:trojan-activity;sid:84513510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650408)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650408/; classtype:trojan-activity;sid:84513508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650406)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650406/; classtype:trojan-activity;sid:84513506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650407/; classtype:trojan-activity;sid:84513507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650405)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650405/; classtype:trojan-activity;sid:84513505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650404/; classtype:trojan-activity;sid:84513504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650402)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650402/; classtype:trojan-activity;sid:84513502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650400/; classtype:trojan-activity;sid:84513500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650399)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650399/; classtype:trojan-activity;sid:84513499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650395/; classtype:trojan-activity;sid:84513495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650396/; classtype:trojan-activity;sid:84513496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650393)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650393/; classtype:trojan-activity;sid:84513493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650392)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650392/; classtype:trojan-activity;sid:84513492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650390/; classtype:trojan-activity;sid:84513490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650389/; classtype:trojan-activity;sid:84513489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650388/; classtype:trojan-activity;sid:84513488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650386/; classtype:trojan-activity;sid:84513486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650387/; classtype:trojan-activity;sid:84513487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650383/; classtype:trojan-activity;sid:84513483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650384/; classtype:trojan-activity;sid:84513484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650381/; classtype:trojan-activity;sid:84513481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650379/; classtype:trojan-activity;sid:84513479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650377)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650377/; classtype:trojan-activity;sid:84513477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650374/; classtype:trojan-activity;sid:84513474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650364/; classtype:trojan-activity;sid:84513464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650366/; classtype:trojan-activity;sid:84513466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650367)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650367/; classtype:trojan-activity;sid:84513467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650368/; classtype:trojan-activity;sid:84513468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650369)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650369/; classtype:trojan-activity;sid:84513469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650371/; classtype:trojan-activity;sid:84513471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650372)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650372/; classtype:trojan-activity;sid:84513472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650373)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650373/; classtype:trojan-activity;sid:84513473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650362/; classtype:trojan-activity;sid:84513462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650361)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650361/; classtype:trojan-activity;sid:84513461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650358/; classtype:trojan-activity;sid:84513458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650359)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650359/; classtype:trojan-activity;sid:84513459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650360)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650360/; classtype:trojan-activity;sid:84513460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650351/; classtype:trojan-activity;sid:84513451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650352/; classtype:trojan-activity;sid:84513452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650350)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650350/; classtype:trojan-activity;sid:84513450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650348/; classtype:trojan-activity;sid:84513448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650349)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650349/; classtype:trojan-activity;sid:84513449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650346)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlresst/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650346/; classtype:trojan-activity;sid:84513446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650347/; classtype:trojan-activity;sid:84513447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650343)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650343/; classtype:trojan-activity;sid:84513443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650342)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650342/; classtype:trojan-activity;sid:84513442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650341)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650341/; classtype:trojan-activity;sid:84513441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650337/; classtype:trojan-activity;sid:84513437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650338/; classtype:trojan-activity;sid:84513438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650339)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650339/; classtype:trojan-activity;sid:84513439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650340/; classtype:trojan-activity;sid:84513440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650335)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650335/; classtype:trojan-activity;sid:84513435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650330)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650330/; classtype:trojan-activity;sid:84513430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650331/; classtype:trojan-activity;sid:84513431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650332/; classtype:trojan-activity;sid:84513432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650333)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650333/; classtype:trojan-activity;sid:84513433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650334/; classtype:trojan-activity;sid:84513434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650325/; classtype:trojan-activity;sid:84513425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650327/; classtype:trojan-activity;sid:84513427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650328)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650328/; classtype:trojan-activity;sid:84513428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650329)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650329/; classtype:trojan-activity;sid:84513429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650323)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650323/; classtype:trojan-activity;sid:84513423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650324)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650324/; classtype:trojan-activity;sid:84513424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650316)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650316/; classtype:trojan-activity;sid:84513416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650318)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.50.167.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650318/; classtype:trojan-activity;sid:84513418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650319)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650319/; classtype:trojan-activity;sid:84513419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650320)"; flow:established,from_client; content:"GET"; http_method; content:"/github-file-info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"20.243.236.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650320/; classtype:trojan-activity;sid:84513420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650312)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650312/; classtype:trojan-activity;sid:84513412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650313)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650313/; classtype:trojan-activity;sid:84513413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650314)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650314/; classtype:trojan-activity;sid:84513414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650315)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650315/; classtype:trojan-activity;sid:84513415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650311)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650311/; classtype:trojan-activity;sid:84513411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650309)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650309/; classtype:trojan-activity;sid:84513409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650310)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650310/; classtype:trojan-activity;sid:84513410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650308/; classtype:trojan-activity;sid:84513408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650307)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650307/; classtype:trojan-activity;sid:84513407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650306)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650306/; classtype:trojan-activity;sid:84513406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650302)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650302/; classtype:trojan-activity;sid:84513402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650303)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650303/; classtype:trojan-activity;sid:84513403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650299)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650299/; classtype:trojan-activity;sid:84513399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650300/; classtype:trojan-activity;sid:84513400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650301)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650301/; classtype:trojan-activity;sid:84513401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650297)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650297/; classtype:trojan-activity;sid:84513397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650298)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650298/; classtype:trojan-activity;sid:84513398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650295)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650295/; classtype:trojan-activity;sid:84513395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650296)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650296/; classtype:trojan-activity;sid:84513396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650294)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650294/; classtype:trojan-activity;sid:84513394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650290)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650290/; classtype:trojan-activity;sid:84513390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650291)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650291/; classtype:trojan-activity;sid:84513391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650289)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650289/; classtype:trojan-activity;sid:84513389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650287/; classtype:trojan-activity;sid:84513387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650284)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650284/; classtype:trojan-activity;sid:84513384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650276/; classtype:trojan-activity;sid:84513376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650277/; classtype:trojan-activity;sid:84513377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650278)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650278/; classtype:trojan-activity;sid:84513378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650270/; classtype:trojan-activity;sid:84513370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650271/; classtype:trojan-activity;sid:84513371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650273)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650273/; classtype:trojan-activity;sid:84513373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/consulta%20n%c3%a3o%20encerrado/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650269/; classtype:trojan-activity;sid:84513369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650263)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650263/; classtype:trojan-activity;sid:84513363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650264)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650264/; classtype:trojan-activity;sid:84513364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650265)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650265/; classtype:trojan-activity;sid:84513365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650267)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650267/; classtype:trojan-activity;sid:84513367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650268)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650268/; classtype:trojan-activity;sid:84513368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650261/; classtype:trojan-activity;sid:84513361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650262/; classtype:trojan-activity;sid:84513362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650259/; classtype:trojan-activity;sid:84513359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650258/; classtype:trojan-activity;sid:84513358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650256)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650256/; classtype:trojan-activity;sid:84513356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650257/; classtype:trojan-activity;sid:84513357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650255)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650255/; classtype:trojan-activity;sid:84513355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650253/; classtype:trojan-activity;sid:84513353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-29/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650251/; classtype:trojan-activity;sid:84513351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650252)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650252/; classtype:trojan-activity;sid:84513352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650248)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650248/; classtype:trojan-activity;sid:84513348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650247)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.105.123.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650247/; classtype:trojan-activity;sid:84513347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650244/; classtype:trojan-activity;sid:84513344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650245/; classtype:trojan-activity;sid:84513345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650243/; classtype:trojan-activity;sid:84513343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650242/; classtype:trojan-activity;sid:84513342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650241)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650241/; classtype:trojan-activity;sid:84513341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650236/; classtype:trojan-activity;sid:84513336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650237)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650237/; classtype:trojan-activity;sid:84513337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650238)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650238/; classtype:trojan-activity;sid:84513338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650239/; classtype:trojan-activity;sid:84513339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650224)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650224/; classtype:trojan-activity;sid:84513324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650225/; classtype:trojan-activity;sid:84513325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650226)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650226/; classtype:trojan-activity;sid:84513326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650228/; classtype:trojan-activity;sid:84513328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650223/; classtype:trojan-activity;sid:84513323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650222/; classtype:trojan-activity;sid:84513322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650220)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650220/; classtype:trojan-activity;sid:84513320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650221/; classtype:trojan-activity;sid:84513321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650219/; classtype:trojan-activity;sid:84513319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650215/; classtype:trojan-activity;sid:84513315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650214/; classtype:trojan-activity;sid:84513314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650213/; classtype:trojan-activity;sid:84513313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650212)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650212/; classtype:trojan-activity;sid:84513312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650205)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650205/; classtype:trojan-activity;sid:84513305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650206/; classtype:trojan-activity;sid:84513306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650207/; classtype:trojan-activity;sid:84513307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650203)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/zh-chs/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650203/; classtype:trojan-activity;sid:84513303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650202)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650202/; classtype:trojan-activity;sid:84513302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650200/; classtype:trojan-activity;sid:84513300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650201/; classtype:trojan-activity;sid:84513301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650199)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650199/; classtype:trojan-activity;sid:84513299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650197)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650197/; classtype:trojan-activity;sid:84513297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650198/; classtype:trojan-activity;sid:84513298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650195/; classtype:trojan-activity;sid:84513295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650196/; classtype:trojan-activity;sid:84513296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650194)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlparam/info.zip"; http_uri; depth:170; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650194/; classtype:trojan-activity;sid:84513294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650193)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650193/; classtype:trojan-activity;sid:84513293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650191/; classtype:trojan-activity;sid:84513291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650190/; classtype:trojan-activity;sid:84513290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650188)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650188/; classtype:trojan-activity;sid:84513288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650189)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650189/; classtype:trojan-activity;sid:84513289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650187/; classtype:trojan-activity;sid:84513287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650186)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650186/; classtype:trojan-activity;sid:84513286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650183)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650183/; classtype:trojan-activity;sid:84513283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650184)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650184/; classtype:trojan-activity;sid:84513284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650181/; classtype:trojan-activity;sid:84513281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650182)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650182/; classtype:trojan-activity;sid:84513282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650180)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650180/; classtype:trojan-activity;sid:84513280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650178/; classtype:trojan-activity;sid:84513278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650179)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650179/; classtype:trojan-activity;sid:84513279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650177)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650177/; classtype:trojan-activity;sid:84513277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650174)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650174/; classtype:trojan-activity;sid:84513274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650175/; classtype:trojan-activity;sid:84513275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650173)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650173/; classtype:trojan-activity;sid:84513273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650171)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650171/; classtype:trojan-activity;sid:84513271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650170/; classtype:trojan-activity;sid:84513270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650168)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650168/; classtype:trojan-activity;sid:84513268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650169)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650169/; classtype:trojan-activity;sid:84513269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650165)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650165/; classtype:trojan-activity;sid:84513265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650163)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650163/; classtype:trojan-activity;sid:84513263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650162/; classtype:trojan-activity;sid:84513262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650160/; classtype:trojan-activity;sid:84513260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650161/; classtype:trojan-activity;sid:84513261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650159/; classtype:trojan-activity;sid:84513259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650157)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650157/; classtype:trojan-activity;sid:84513257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650155)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650155/; classtype:trojan-activity;sid:84513255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650153/; classtype:trojan-activity;sid:84513253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650154)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650154/; classtype:trojan-activity;sid:84513254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650151/; classtype:trojan-activity;sid:84513251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650149)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650149/; classtype:trojan-activity;sid:84513249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650148/; classtype:trojan-activity;sid:84513248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650146/; classtype:trojan-activity;sid:84513246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650147)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/remoteblobstore/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650147/; classtype:trojan-activity;sid:84513247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650145)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650145/; classtype:trojan-activity;sid:84513245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650143)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650143/; classtype:trojan-activity;sid:84513243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650144)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650144/; classtype:trojan-activity;sid:84513244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"99.232.252.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650142/; classtype:trojan-activity;sid:84513242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650138/; classtype:trojan-activity;sid:84513238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650134)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650134/; classtype:trojan-activity;sid:84513234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650133/; classtype:trojan-activity;sid:84513233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650131)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650131/; classtype:trojan-activity;sid:84513231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650130/; classtype:trojan-activity;sid:84513230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650129/; classtype:trojan-activity;sid:84513229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650127/; classtype:trojan-activity;sid:84513227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650128)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650128/; classtype:trojan-activity;sid:84513228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650123/; classtype:trojan-activity;sid:84513223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650125)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650125/; classtype:trojan-activity;sid:84513225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650122/; classtype:trojan-activity;sid:84513222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650119)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650119/; classtype:trojan-activity;sid:84513219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650120)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650120/; classtype:trojan-activity;sid:84513220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-14/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650117/; classtype:trojan-activity;sid:84513217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650118/; classtype:trojan-activity;sid:84513218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650113/; classtype:trojan-activity;sid:84513213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650114/; classtype:trojan-activity;sid:84513214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650115/; classtype:trojan-activity;sid:84513215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650112/; classtype:trojan-activity;sid:84513212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650111/; classtype:trojan-activity;sid:84513211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650109)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650109/; classtype:trojan-activity;sid:84513209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650108)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650108/; classtype:trojan-activity;sid:84513208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650107/; classtype:trojan-activity;sid:84513207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650105/; classtype:trojan-activity;sid:84513205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650106)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650106/; classtype:trojan-activity;sid:84513206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650104/; classtype:trojan-activity;sid:84513204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650103/; classtype:trojan-activity;sid:84513203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650100/; classtype:trojan-activity;sid:84513200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650099)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650099/; classtype:trojan-activity;sid:84513199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650098)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650098/; classtype:trojan-activity;sid:84513198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650096)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650096/; classtype:trojan-activity;sid:84513196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650097)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650097/; classtype:trojan-activity;sid:84513197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650093/; classtype:trojan-activity;sid:84513193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650094)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650094/; classtype:trojan-activity;sid:84513194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650092/; classtype:trojan-activity;sid:84513192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650089)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650089/; classtype:trojan-activity;sid:84513189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650091)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650091/; classtype:trojan-activity;sid:84513191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650086/; classtype:trojan-activity;sid:84513186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650087/; classtype:trojan-activity;sid:84513187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650088)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650088/; classtype:trojan-activity;sid:84513188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650085/; classtype:trojan-activity;sid:84513185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650083/; classtype:trojan-activity;sid:84513183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650084)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650084/; classtype:trojan-activity;sid:84513184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-24/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650082/; classtype:trojan-activity;sid:84513182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650079/; classtype:trojan-activity;sid:84513179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650080/; classtype:trojan-activity;sid:84513180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/catalog/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650081/; classtype:trojan-activity;sid:84513181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650077)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650077/; classtype:trojan-activity;sid:84513177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650078/; classtype:trojan-activity;sid:84513178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650073)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650073/; classtype:trojan-activity;sid:84513173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650074/; classtype:trojan-activity;sid:84513174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650071/; classtype:trojan-activity;sid:84513171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650072)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650072/; classtype:trojan-activity;sid:84513172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650069)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650069/; classtype:trojan-activity;sid:84513169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650067/; classtype:trojan-activity;sid:84513167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650065)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650065/; classtype:trojan-activity;sid:84513165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650062)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/upgrade%20advisor/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650062/; classtype:trojan-activity;sid:84513162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650063/; classtype:trojan-activity;sid:84513163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650058/; classtype:trojan-activity;sid:84513158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650059/; classtype:trojan-activity;sid:84513159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650060/; classtype:trojan-activity;sid:84513160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650061)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650061/; classtype:trojan-activity;sid:84513161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650057/; classtype:trojan-activity;sid:84513157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650055/; classtype:trojan-activity;sid:84513155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650056/; classtype:trojan-activity;sid:84513156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650053)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650053/; classtype:trojan-activity;sid:84513153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650054/; classtype:trojan-activity;sid:84513154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650051/; classtype:trojan-activity;sid:84513151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650052)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650052/; classtype:trojan-activity;sid:84513152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650049/; classtype:trojan-activity;sid:84513149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/3082/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650046/; classtype:trojan-activity;sid:84513146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650047/; classtype:trojan-activity;sid:84513147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650048/; classtype:trojan-activity;sid:84513148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650043/; classtype:trojan-activity;sid:84513143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650042/; classtype:trojan-activity;sid:84513142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-08-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650038/; classtype:trojan-activity;sid:84513138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650039)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650039/; classtype:trojan-activity;sid:84513139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650035/; classtype:trojan-activity;sid:84513135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650036/; classtype:trojan-activity;sid:84513136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650033)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650033/; classtype:trojan-activity;sid:84513133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650030)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650030/; classtype:trojan-activity;sid:84513130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650029)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/saomiao/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650029/; classtype:trojan-activity;sid:84513129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650028/; classtype:trojan-activity;sid:84513128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650027)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/windows/gac/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650027/; classtype:trojan-activity;sid:84513127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650026/; classtype:trojan-activity;sid:84513126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650023/; classtype:trojan-activity;sid:84513123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650024)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650024/; classtype:trojan-activity;sid:84513124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650020/; classtype:trojan-activity;sid:84513120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650013/; classtype:trojan-activity;sid:84513113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650014/; classtype:trojan-activity;sid:84513114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650015/; classtype:trojan-activity;sid:84513115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650016)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/2052/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650016/; classtype:trojan-activity;sid:84513116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650017/; classtype:trojan-activity;sid:84513117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650018)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650018/; classtype:trojan-activity;sid:84513118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650012)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.218.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650012/; classtype:trojan-activity;sid:84513112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650011)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650011/; classtype:trojan-activity;sid:84513111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650010/; classtype:trojan-activity;sid:84513110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650008)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650008/; classtype:trojan-activity;sid:84513108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650009)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650009/; classtype:trojan-activity;sid:84513109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650007/; classtype:trojan-activity;sid:84513107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650006/; classtype:trojan-activity;sid:84513106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650004/; classtype:trojan-activity;sid:84513104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650001/; classtype:trojan-activity;sid:84513101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650003)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650003/; classtype:trojan-activity;sid:84513103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650000/; classtype:trojan-activity;sid:84513100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649998)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649998/; classtype:trojan-activity;sid:84513098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649996/; classtype:trojan-activity;sid:84513096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649994)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649994/; classtype:trojan-activity;sid:84513094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649995/; classtype:trojan-activity;sid:84513095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649991)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649991/; classtype:trojan-activity;sid:84513091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649992/; classtype:trojan-activity;sid:84513092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649985/; classtype:trojan-activity;sid:84513085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649986/; classtype:trojan-activity;sid:84513086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649987/; classtype:trojan-activity;sid:84513087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649989)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649989/; classtype:trojan-activity;sid:84513089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649990/; classtype:trojan-activity;sid:84513090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649984)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649984/; classtype:trojan-activity;sid:84513084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649983/; classtype:trojan-activity;sid:84513083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649977)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649977/; classtype:trojan-activity;sid:84513077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649979)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649979/; classtype:trojan-activity;sid:84513079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649980/; classtype:trojan-activity;sid:84513080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649981/; classtype:trojan-activity;sid:84513081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649982)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649982/; classtype:trojan-activity;sid:84513082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649976)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/msshared/sqldbg/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649976/; classtype:trojan-activity;sid:84513076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649974/; classtype:trojan-activity;sid:84513074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649975/; classtype:trojan-activity;sid:84513075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649972)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649972/; classtype:trojan-activity;sid:84513072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649973)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649973/; classtype:trojan-activity;sid:84513073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649968)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649968/; classtype:trojan-activity;sid:84513068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649969/; classtype:trojan-activity;sid:84513069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649966)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649966/; classtype:trojan-activity;sid:84513066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649965/; classtype:trojan-activity;sid:84513065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649964/; classtype:trojan-activity;sid:84513064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x86/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649962/; classtype:trojan-activity;sid:84513062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649961/; classtype:trojan-activity;sid:84513061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649958)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649958/; classtype:trojan-activity;sid:84513058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649959/; classtype:trojan-activity;sid:84513059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649956/; classtype:trojan-activity;sid:84513056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649955)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649955/; classtype:trojan-activity;sid:84513055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649951/; classtype:trojan-activity;sid:84513051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552709/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649952/; classtype:trojan-activity;sid:84513052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649948)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649948/; classtype:trojan-activity;sid:84513048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649949)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649949/; classtype:trojan-activity;sid:84513049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649947)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649947/; classtype:trojan-activity;sid:84513047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649946/; classtype:trojan-activity;sid:84513046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649944/; classtype:trojan-activity;sid:84513044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649941)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649941/; classtype:trojan-activity;sid:84513041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649942)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649942/; classtype:trojan-activity;sid:84513042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649943/; classtype:trojan-activity;sid:84513043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649939)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649939/; classtype:trojan-activity;sid:84513039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649940)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649940/; classtype:trojan-activity;sid:84513040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649936)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649936/; classtype:trojan-activity;sid:84513036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649937/; classtype:trojan-activity;sid:84513037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649935/; classtype:trojan-activity;sid:84513035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649933/; classtype:trojan-activity;sid:84513033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649934)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649934/; classtype:trojan-activity;sid:84513034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649932/; classtype:trojan-activity;sid:84513032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649930/; classtype:trojan-activity;sid:84513030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649931/; classtype:trojan-activity;sid:84513031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649928/; classtype:trojan-activity;sid:84513028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649927)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.230.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649927/; classtype:trojan-activity;sid:84513027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649922/; classtype:trojan-activity;sid:84513022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649923/; classtype:trojan-activity;sid:84513023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649925/; classtype:trojan-activity;sid:84513025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649921)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649921/; classtype:trojan-activity;sid:84513021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.71.107.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649920/; classtype:trojan-activity;sid:84513020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264645/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649919/; classtype:trojan-activity;sid:84513019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649917)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649917/; classtype:trojan-activity;sid:84513017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649915)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649915/; classtype:trojan-activity;sid:84513015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649914/; classtype:trojan-activity;sid:84513014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649910/; classtype:trojan-activity;sid:84513010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649911/; classtype:trojan-activity;sid:84513011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649906)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649906/; classtype:trojan-activity;sid:84513006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649907)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649907/; classtype:trojan-activity;sid:84513007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649903)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649903/; classtype:trojan-activity;sid:84513003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649900/; classtype:trojan-activity;sid:84513000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649901/; classtype:trojan-activity;sid:84513001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649897/; classtype:trojan-activity;sid:84512997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649899/; classtype:trojan-activity;sid:84512999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649896/; classtype:trojan-activity;sid:84512996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649895/; classtype:trojan-activity;sid:84512995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649893)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649893/; classtype:trojan-activity;sid:84512993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649894/; classtype:trojan-activity;sid:84512994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649889)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649889/; classtype:trojan-activity;sid:84512989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649890)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"24.251.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649890/; classtype:trojan-activity;sid:84512990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649891)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649891/; classtype:trojan-activity;sid:84512991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649892)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649892/; classtype:trojan-activity;sid:84512992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649888/; classtype:trojan-activity;sid:84512988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649887)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/template/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649887/; classtype:trojan-activity;sid:84512987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649885/; classtype:trojan-activity;sid:84512985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649886/; classtype:trojan-activity;sid:84512986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649884/; classtype:trojan-activity;sid:84512984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649882)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649882/; classtype:trojan-activity;sid:84512982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649883)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649883/; classtype:trojan-activity;sid:84512983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649881/; classtype:trojan-activity;sid:84512981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649880)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649880/; classtype:trojan-activity;sid:84512980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649876)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649876/; classtype:trojan-activity;sid:84512976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649877)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia-kancha/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649877/; classtype:trojan-activity;sid:84512977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649878/; classtype:trojan-activity;sid:84512978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649879/; classtype:trojan-activity;sid:84512979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649873/; classtype:trojan-activity;sid:84512973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649874/; classtype:trojan-activity;sid:84512974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649875)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649875/; classtype:trojan-activity;sid:84512975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649872)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/pfiles/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649872/; classtype:trojan-activity;sid:84512972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649871/; classtype:trojan-activity;sid:84512971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649870/; classtype:trojan-activity;sid:84512970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649867/; classtype:trojan-activity;sid:84512967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649868/; classtype:trojan-activity;sid:84512968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649869/; classtype:trojan-activity;sid:84512969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649866)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649866/; classtype:trojan-activity;sid:84512966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649865/; classtype:trojan-activity;sid:84512965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649864/; classtype:trojan-activity;sid:84512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649863/; classtype:trojan-activity;sid:84512963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649862)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649862/; classtype:trojan-activity;sid:84512962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649861/; classtype:trojan-activity;sid:84512961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649858/; classtype:trojan-activity;sid:84512958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649859)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649859/; classtype:trojan-activity;sid:84512959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649855/; classtype:trojan-activity;sid:84512955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649856/; classtype:trojan-activity;sid:84512956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649857/; classtype:trojan-activity;sid:84512957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649850/; classtype:trojan-activity;sid:84512950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649851)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649851/; classtype:trojan-activity;sid:84512951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649847/; classtype:trojan-activity;sid:84512947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649848/; classtype:trojan-activity;sid:84512948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649845/; classtype:trojan-activity;sid:84512945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649844/; classtype:trojan-activity;sid:84512944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649842)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx30/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649842/; classtype:trojan-activity;sid:84512942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649841)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649841/; classtype:trojan-activity;sid:84512941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649840/; classtype:trojan-activity;sid:84512940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649839/; classtype:trojan-activity;sid:84512939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649837/; classtype:trojan-activity;sid:84512937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649838)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649838/; classtype:trojan-activity;sid:84512938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649833/; classtype:trojan-activity;sid:84512933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649829/; classtype:trojan-activity;sid:84512929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649830)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649830/; classtype:trojan-activity;sid:84512930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649831)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649831/; classtype:trojan-activity;sid:84512931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649832)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649832/; classtype:trojan-activity;sid:84512932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649827)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649827/; classtype:trojan-activity;sid:84512927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649828)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649828/; classtype:trojan-activity;sid:84512928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649825)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/upgrade%20advisor/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649825/; classtype:trojan-activity;sid:84512925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649826)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649826/; classtype:trojan-activity;sid:84512926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649823)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649823/; classtype:trojan-activity;sid:84512923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649824)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649824/; classtype:trojan-activity;sid:84512924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649822/; classtype:trojan-activity;sid:84512922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649821/; classtype:trojan-activity;sid:84512921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649820)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649820/; classtype:trojan-activity;sid:84512920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649819)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649819/; classtype:trojan-activity;sid:84512919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649818)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649818/; classtype:trojan-activity;sid:84512918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649817)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649817/; classtype:trojan-activity;sid:84512917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx30/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649816/; classtype:trojan-activity;sid:84512916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649815/; classtype:trojan-activity;sid:84512915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649814)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649814/; classtype:trojan-activity;sid:84512914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649813)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649813/; classtype:trojan-activity;sid:84512913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649809/; classtype:trojan-activity;sid:84512909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649810)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649810/; classtype:trojan-activity;sid:84512910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649808/; classtype:trojan-activity;sid:84512908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649807/; classtype:trojan-activity;sid:84512907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649804)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649804/; classtype:trojan-activity;sid:84512904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649805)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649805/; classtype:trojan-activity;sid:84512905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649803)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649803/; classtype:trojan-activity;sid:84512903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649802/; classtype:trojan-activity;sid:84512902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649801/; classtype:trojan-activity;sid:84512901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649800/; classtype:trojan-activity;sid:84512900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649799)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/help/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649799/; classtype:trojan-activity;sid:84512899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649796)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649796/; classtype:trojan-activity;sid:84512896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649795)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/ia64/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649795/; classtype:trojan-activity;sid:84512895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649794)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649794/; classtype:trojan-activity;sid:84512894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649792/; classtype:trojan-activity;sid:84512892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649791)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649791/; classtype:trojan-activity;sid:84512891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649790/; classtype:trojan-activity;sid:84512890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649789)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649789/; classtype:trojan-activity;sid:84512889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649788/; classtype:trojan-activity;sid:84512888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649787/; classtype:trojan-activity;sid:84512887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649786/; classtype:trojan-activity;sid:84512886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649783/; classtype:trojan-activity;sid:84512883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-02-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649780/; classtype:trojan-activity;sid:84512880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649777/; classtype:trojan-activity;sid:84512877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649778)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649778/; classtype:trojan-activity;sid:84512878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649775/; classtype:trojan-activity;sid:84512875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649776)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649776/; classtype:trojan-activity;sid:84512876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649773)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649773/; classtype:trojan-activity;sid:84512873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649771/; classtype:trojan-activity;sid:84512871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649772)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/system32/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649772/; classtype:trojan-activity;sid:84512872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649770)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649770/; classtype:trojan-activity;sid:84512870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649768/; classtype:trojan-activity;sid:84512868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649765)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649765/; classtype:trojan-activity;sid:84512865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649766)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649766/; classtype:trojan-activity;sid:84512866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649767)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649767/; classtype:trojan-activity;sid:84512867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649764)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649764/; classtype:trojan-activity;sid:84512864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649762/; classtype:trojan-activity;sid:84512862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649759)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/dts/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649759/; classtype:trojan-activity;sid:84512859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649760/; classtype:trojan-activity;sid:84512860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649761/; classtype:trojan-activity;sid:84512861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649758)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649758/; classtype:trojan-activity;sid:84512858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649757)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649757/; classtype:trojan-activity;sid:84512857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649756)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649756/; classtype:trojan-activity;sid:84512856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac_32/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649754/; classtype:trojan-activity;sid:84512854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649753/; classtype:trojan-activity;sid:84512853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649751/; classtype:trojan-activity;sid:84512851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649750)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649750/; classtype:trojan-activity;sid:84512850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649749/; classtype:trojan-activity;sid:84512849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649746)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649746/; classtype:trojan-activity;sid:84512846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/ia64/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649743/; classtype:trojan-activity;sid:84512843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649744/; classtype:trojan-activity;sid:84512844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2024-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649738/; classtype:trojan-activity;sid:84512838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649739/; classtype:trojan-activity;sid:84512839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649740)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649740/; classtype:trojan-activity;sid:84512840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649741)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649741/; classtype:trojan-activity;sid:84512841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649735/; classtype:trojan-activity;sid:84512835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649736/; classtype:trojan-activity;sid:84512836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649734)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649734/; classtype:trojan-activity;sid:84512834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649732/; classtype:trojan-activity;sid:84512832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649730/; classtype:trojan-activity;sid:84512830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649731/; classtype:trojan-activity;sid:84512831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649728)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649728/; classtype:trojan-activity;sid:84512828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649729/; classtype:trojan-activity;sid:84512829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649727)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649727/; classtype:trojan-activity;sid:84512827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649723)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649723/; classtype:trojan-activity;sid:84512823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649721)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649721/; classtype:trojan-activity;sid:84512821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649720)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649720/; classtype:trojan-activity;sid:84512820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649718)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649718/; classtype:trojan-activity;sid:84512818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649714/; classtype:trojan-activity;sid:84512814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649716)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649716/; classtype:trojan-activity;sid:84512816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649713)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649713/; classtype:trojan-activity;sid:84512813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649711)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649711/; classtype:trojan-activity;sid:84512811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649708/; classtype:trojan-activity;sid:84512808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649709/; classtype:trojan-activity;sid:84512809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649707/; classtype:trojan-activity;sid:84512807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649705)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlmes/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649705/; classtype:trojan-activity;sid:84512805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649706/; classtype:trojan-activity;sid:84512806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649703)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649703/; classtype:trojan-activity;sid:84512803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649699/; classtype:trojan-activity;sid:84512799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649700)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649700/; classtype:trojan-activity;sid:84512800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649701/; classtype:trojan-activity;sid:84512801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649702/; classtype:trojan-activity;sid:84512802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649698/; classtype:trojan-activity;sid:84512798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649695)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649695/; classtype:trojan-activity;sid:84512795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649696)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/en/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649696/; classtype:trojan-activity;sid:84512796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649694)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649694/; classtype:trojan-activity;sid:84512794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649693)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649693/; classtype:trojan-activity;sid:84512793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649690)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649690/; classtype:trojan-activity;sid:84512790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649692/; classtype:trojan-activity;sid:84512792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649689/; classtype:trojan-activity;sid:84512789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649688/; classtype:trojan-activity;sid:84512788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649684)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/windows%20installer/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649684/; classtype:trojan-activity;sid:84512784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649686/; classtype:trojan-activity;sid:84512786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649683)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649683/; classtype:trojan-activity;sid:84512783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649682/; classtype:trojan-activity;sid:84512782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649681/; classtype:trojan-activity;sid:84512781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649678)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649678/; classtype:trojan-activity;sid:84512778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649679)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649679/; classtype:trojan-activity;sid:84512779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649677/; classtype:trojan-activity;sid:84512777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649676)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649676/; classtype:trojan-activity;sid:84512776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649673/; classtype:trojan-activity;sid:84512773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649674/; classtype:trojan-activity;sid:84512774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649675)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649675/; classtype:trojan-activity;sid:84512775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649672/; classtype:trojan-activity;sid:84512772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649671/; classtype:trojan-activity;sid:84512771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649666)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649666/; classtype:trojan-activity;sid:84512766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649667)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649667/; classtype:trojan-activity;sid:84512767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649668)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/2052/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649668/; classtype:trojan-activity;sid:84512768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649669/; classtype:trojan-activity;sid:84512769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649663/; classtype:trojan-activity;sid:84512763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649664/; classtype:trojan-activity;sid:84512764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649665)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/dta/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649665/; classtype:trojan-activity;sid:84512765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649662/; classtype:trojan-activity;sid:84512762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649660)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649660/; classtype:trojan-activity;sid:84512760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649661)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/2052/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649661/; classtype:trojan-activity;sid:84512761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649659)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.155.237.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649659/; classtype:trojan-activity;sid:84512759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/help/1033/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649658/; classtype:trojan-activity;sid:84512758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649656/; classtype:trojan-activity;sid:84512756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649657/; classtype:trojan-activity;sid:84512757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649655/; classtype:trojan-activity;sid:84512755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649651/; classtype:trojan-activity;sid:84512751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649653/; classtype:trojan-activity;sid:84512753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649650/; classtype:trojan-activity;sid:84512750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649647/; classtype:trojan-activity;sid:84512747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649643/; classtype:trojan-activity;sid:84512743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649644/; classtype:trojan-activity;sid:84512744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649635/; classtype:trojan-activity;sid:84512735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649636/; classtype:trojan-activity;sid:84512736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649622/; classtype:trojan-activity;sid:84512722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649626/; classtype:trojan-activity;sid:84512726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649619)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649619/; classtype:trojan-activity;sid:84512719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649618/; classtype:trojan-activity;sid:84512718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649613/; classtype:trojan-activity;sid:84512713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649607/; classtype:trojan-activity;sid:84512707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649609/; classtype:trojan-activity;sid:84512709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649610)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649610/; classtype:trojan-activity;sid:84512710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649611)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649611/; classtype:trojan-activity;sid:84512711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/format/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649603/; classtype:trojan-activity;sid:84512703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649604)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649604/; classtype:trojan-activity;sid:84512704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649605/; classtype:trojan-activity;sid:84512705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649596/; classtype:trojan-activity;sid:84512696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649597)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/zhijia/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649597/; classtype:trojan-activity;sid:84512697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649599/; classtype:trojan-activity;sid:84512699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649600)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649600/; classtype:trojan-activity;sid:84512700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649594/; classtype:trojan-activity;sid:84512694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649593)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649593/; classtype:trojan-activity;sid:84512693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649588/; classtype:trojan-activity;sid:84512688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649589)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649589/; classtype:trojan-activity;sid:84512689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649590/; classtype:trojan-activity;sid:84512690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649591)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649591/; classtype:trojan-activity;sid:84512691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649586/; classtype:trojan-activity;sid:84512686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649587/; classtype:trojan-activity;sid:84512687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649582/; classtype:trojan-activity;sid:84512682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649580/; classtype:trojan-activity;sid:84512680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649581/; classtype:trojan-activity;sid:84512681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649579/; classtype:trojan-activity;sid:84512679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649578/; classtype:trojan-activity;sid:84512678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649576/; classtype:trojan-activity;sid:84512676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649577/; classtype:trojan-activity;sid:84512677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649573/; classtype:trojan-activity;sid:84512673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649574/; classtype:trojan-activity;sid:84512674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649572/; classtype:trojan-activity;sid:84512672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649570/; classtype:trojan-activity;sid:84512670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649565)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649565/; classtype:trojan-activity;sid:84512665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649566/; classtype:trojan-activity;sid:84512666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649567/; classtype:trojan-activity;sid:84512667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649568/; classtype:trojan-activity;sid:84512668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649563)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649563/; classtype:trojan-activity;sid:84512663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649564/; classtype:trojan-activity;sid:84512664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649559/; classtype:trojan-activity;sid:84512659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649560/; classtype:trojan-activity;sid:84512660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649557)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649557/; classtype:trojan-activity;sid:84512657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649558)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/mapfiles/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649558/; classtype:trojan-activity;sid:84512658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649556/; classtype:trojan-activity;sid:84512656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649555)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/zhijia-tuzhi/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649555/; classtype:trojan-activity;sid:84512655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649553)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649553/; classtype:trojan-activity;sid:84512653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649549/; classtype:trojan-activity;sid:84512649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649550)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649550/; classtype:trojan-activity;sid:84512650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649551/; classtype:trojan-activity;sid:84512651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-06-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649552/; classtype:trojan-activity;sid:84512652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649544/; classtype:trojan-activity;sid:84512644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649545/; classtype:trojan-activity;sid:84512645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649546)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649546/; classtype:trojan-activity;sid:84512646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649547/; classtype:trojan-activity;sid:84512647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649540)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649540/; classtype:trojan-activity;sid:84512640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649542)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649542/; classtype:trojan-activity;sid:84512642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649543)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649543/; classtype:trojan-activity;sid:84512643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649536)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649536/; classtype:trojan-activity;sid:84512636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649537)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649537/; classtype:trojan-activity;sid:84512637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649538)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649538/; classtype:trojan-activity;sid:84512638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649535/; classtype:trojan-activity;sid:84512635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649533/; classtype:trojan-activity;sid:84512633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649532/; classtype:trojan-activity;sid:84512632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649530/; classtype:trojan-activity;sid:84512630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649529/; classtype:trojan-activity;sid:84512629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649526)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649526/; classtype:trojan-activity;sid:84512626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649527)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649527/; classtype:trojan-activity;sid:84512627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649528/; classtype:trojan-activity;sid:84512628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649523)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqlrowct/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649523/; classtype:trojan-activity;sid:84512623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649524)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649524/; classtype:trojan-activity;sid:84512624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649521/; classtype:trojan-activity;sid:84512621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649522/; classtype:trojan-activity;sid:84512622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649520)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649520/; classtype:trojan-activity;sid:84512620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649518)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649518/; classtype:trojan-activity;sid:84512618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649519)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649519/; classtype:trojan-activity;sid:84512619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649517/; classtype:trojan-activity;sid:84512617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649516)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649516/; classtype:trojan-activity;sid:84512616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649514/; classtype:trojan-activity;sid:84512614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649515)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649515/; classtype:trojan-activity;sid:84512615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649512)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649512/; classtype:trojan-activity;sid:84512612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649511)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649511/; classtype:trojan-activity;sid:84512611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649509)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649509/; classtype:trojan-activity;sid:84512609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649510)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649510/; classtype:trojan-activity;sid:84512610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649508)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/gac_32/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649508/; classtype:trojan-activity;sid:84512608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649507)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649507/; classtype:trojan-activity;sid:84512607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649504/; classtype:trojan-activity;sid:84512604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649505)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649505/; classtype:trojan-activity;sid:84512605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649506/; classtype:trojan-activity;sid:84512606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649503/; classtype:trojan-activity;sid:84512603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649499)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/bulkload/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649499/; classtype:trojan-activity;sid:84512599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649500)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649500/; classtype:trojan-activity;sid:84512600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649497)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649497/; classtype:trojan-activity;sid:84512597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649498/; classtype:trojan-activity;sid:84512598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649495/; classtype:trojan-activity;sid:84512595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649496)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649496/; classtype:trojan-activity;sid:84512596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649494/; classtype:trojan-activity;sid:84512594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649492/; classtype:trojan-activity;sid:84512592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649491)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649491/; classtype:trojan-activity;sid:84512591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649489/; classtype:trojan-activity;sid:84512589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649487)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649487/; classtype:trojan-activity;sid:84512587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649486/; classtype:trojan-activity;sid:84512586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649484/; classtype:trojan-activity;sid:84512584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649483/; classtype:trojan-activity;sid:84512583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649480)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649480/; classtype:trojan-activity;sid:84512580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649477)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649477/; classtype:trojan-activity;sid:84512577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649478)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649478/; classtype:trojan-activity;sid:84512578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649475)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649475/; classtype:trojan-activity;sid:84512575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649474)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649474/; classtype:trojan-activity;sid:84512574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649473)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649473/; classtype:trojan-activity;sid:84512573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649469)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649469/; classtype:trojan-activity;sid:84512569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649470)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/x64/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649470/; classtype:trojan-activity;sid:84512570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649468/; classtype:trojan-activity;sid:84512568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649463)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649463/; classtype:trojan-activity;sid:84512563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649464)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649464/; classtype:trojan-activity;sid:84512564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649465)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649465/; classtype:trojan-activity;sid:84512565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649466)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649466/; classtype:trojan-activity;sid:84512566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649461)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649461/; classtype:trojan-activity;sid:84512561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649459/; classtype:trojan-activity;sid:84512559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649456/; classtype:trojan-activity;sid:84512556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649457)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649457/; classtype:trojan-activity;sid:84512557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649458/; classtype:trojan-activity;sid:84512558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649454)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649454/; classtype:trojan-activity;sid:84512554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649455/; classtype:trojan-activity;sid:84512555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649453)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649453/; classtype:trojan-activity;sid:84512553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649452)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649452/; classtype:trojan-activity;sid:84512552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649450)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649450/; classtype:trojan-activity;sid:84512550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649447)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetmsp/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649447/; classtype:trojan-activity;sid:84512547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649448)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649448/; classtype:trojan-activity;sid:84512548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649443)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649443/; classtype:trojan-activity;sid:84512543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649444)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649444/; classtype:trojan-activity;sid:84512544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649440/; classtype:trojan-activity;sid:84512540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649439)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649439/; classtype:trojan-activity;sid:84512539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649435)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649435/; classtype:trojan-activity;sid:84512535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649437)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649437/; classtype:trojan-activity;sid:84512537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649433)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649433/; classtype:trojan-activity;sid:84512533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649434)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649434/; classtype:trojan-activity;sid:84512534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649431)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649431/; classtype:trojan-activity;sid:84512531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649432)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649432/; classtype:trojan-activity;sid:84512532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649429)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/windows%20installer/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649429/; classtype:trojan-activity;sid:84512529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649430)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649430/; classtype:trojan-activity;sid:84512530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649427/; classtype:trojan-activity;sid:84512527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649425)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649425/; classtype:trojan-activity;sid:84512525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649423)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649423/; classtype:trojan-activity;sid:84512523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649424/; classtype:trojan-activity;sid:84512524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649421)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/msnet/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649421/; classtype:trojan-activity;sid:84512521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649422)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649422/; classtype:trojan-activity;sid:84512522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649419)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649419/; classtype:trojan-activity;sid:84512519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649420/; classtype:trojan-activity;sid:84512520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649418/; classtype:trojan-activity;sid:84512518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649416/; classtype:trojan-activity;sid:84512516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649414/; classtype:trojan-activity;sid:84512514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649413)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649413/; classtype:trojan-activity;sid:84512513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649412)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649412/; classtype:trojan-activity;sid:84512512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649411/; classtype:trojan-activity;sid:84512511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649409)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649409/; classtype:trojan-activity;sid:84512509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649406/; classtype:trojan-activity;sid:84512506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649407/; classtype:trojan-activity;sid:84512507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649402/; classtype:trojan-activity;sid:84512502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649403)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649403/; classtype:trojan-activity;sid:84512503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649404)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649404/; classtype:trojan-activity;sid:84512504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649397/; classtype:trojan-activity;sid:84512497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649398)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649398/; classtype:trojan-activity;sid:84512498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649400)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649400/; classtype:trojan-activity;sid:84512500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649401)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649401/; classtype:trojan-activity;sid:84512501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649395/; classtype:trojan-activity;sid:84512495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649392/; classtype:trojan-activity;sid:84512492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649389/; classtype:trojan-activity;sid:84512489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649390)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649390/; classtype:trojan-activity;sid:84512490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649391/; classtype:trojan-activity;sid:84512491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649388)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649388/; classtype:trojan-activity;sid:84512488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649386)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649386/; classtype:trojan-activity;sid:84512486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649387/; classtype:trojan-activity;sid:84512487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-12/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649385/; classtype:trojan-activity;sid:84512485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649383)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649383/; classtype:trojan-activity;sid:84512483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649384)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649384/; classtype:trojan-activity;sid:84512484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649382/; classtype:trojan-activity;sid:84512482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649379/; classtype:trojan-activity;sid:84512479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649380/; classtype:trojan-activity;sid:84512480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649381)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/en/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649381/; classtype:trojan-activity;sid:84512481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649377/; classtype:trojan-activity;sid:84512477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649378)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649378/; classtype:trojan-activity;sid:84512478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649375/; classtype:trojan-activity;sid:84512475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649376/; classtype:trojan-activity;sid:84512476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649374)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649374/; classtype:trojan-activity;sid:84512474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649372/; classtype:trojan-activity;sid:84512472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649371/; classtype:trojan-activity;sid:84512471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649370/; classtype:trojan-activity;sid:84512470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649365/; classtype:trojan-activity;sid:84512465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649366/; classtype:trojan-activity;sid:84512466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649363/; classtype:trojan-activity;sid:84512463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649364)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649364/; classtype:trojan-activity;sid:84512464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649362)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649362/; classtype:trojan-activity;sid:84512462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649360/; classtype:trojan-activity;sid:84512460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649361)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/res/1033/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649361/; classtype:trojan-activity;sid:84512461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649359/; classtype:trojan-activity;sid:84512459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649358)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649358/; classtype:trojan-activity;sid:84512458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649357/; classtype:trojan-activity;sid:84512457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649354/; classtype:trojan-activity;sid:84512454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649355/; classtype:trojan-activity;sid:84512455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649356)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/1033/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649356/; classtype:trojan-activity;sid:84512456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649353/; classtype:trojan-activity;sid:84512453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649350)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649350/; classtype:trojan-activity;sid:84512450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649351)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649351/; classtype:trojan-activity;sid:84512451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649352/; classtype:trojan-activity;sid:84512452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649348)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649348/; classtype:trojan-activity;sid:84512448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649346/; classtype:trojan-activity;sid:84512446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649347)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649347/; classtype:trojan-activity;sid:84512447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649345)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649345/; classtype:trojan-activity;sid:84512445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649344)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649344/; classtype:trojan-activity;sid:84512444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649343)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649343/; classtype:trojan-activity;sid:84512443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649342)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/x86/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649342/; classtype:trojan-activity;sid:84512442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649341)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649341/; classtype:trojan-activity;sid:84512441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649340)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649340/; classtype:trojan-activity;sid:84512440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649339)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649339/; classtype:trojan-activity;sid:84512439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649338/; classtype:trojan-activity;sid:84512438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649336/; classtype:trojan-activity;sid:84512436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000587212/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649335/; classtype:trojan-activity;sid:84512435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649334)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649334/; classtype:trojan-activity;sid:84512434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649332/; classtype:trojan-activity;sid:84512432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649329/; classtype:trojan-activity;sid:84512429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649330)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649330/; classtype:trojan-activity;sid:84512430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649328)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649328/; classtype:trojan-activity;sid:84512428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649326/; classtype:trojan-activity;sid:84512426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649327/; classtype:trojan-activity;sid:84512427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649325)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/1033/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649325/; classtype:trojan-activity;sid:84512425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649324/; classtype:trojan-activity;sid:84512424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649321/; classtype:trojan-activity;sid:84512421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649322)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649322/; classtype:trojan-activity;sid:84512422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-20/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649323/; classtype:trojan-activity;sid:84512423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649320/; classtype:trojan-activity;sid:84512420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649319/; classtype:trojan-activity;sid:84512419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649314)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/powershell/x86/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649314/; classtype:trojan-activity;sid:84512414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649316)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649316/; classtype:trojan-activity;sid:84512416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649312)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/document/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649312/; classtype:trojan-activity;sid:84512412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649310/; classtype:trojan-activity;sid:84512410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649309/; classtype:trojan-activity;sid:84512409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649306/; classtype:trojan-activity;sid:84512406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649305/; classtype:trojan-activity;sid:84512405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649304/; classtype:trojan-activity;sid:84512404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649303/; classtype:trojan-activity;sid:84512403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649302)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/install/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649302/; classtype:trojan-activity;sid:84512402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649301)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/tools/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649301/; classtype:trojan-activity;sid:84512401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649299/; classtype:trojan-activity;sid:84512399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649297)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649297/; classtype:trojan-activity;sid:84512397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649298)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649298/; classtype:trojan-activity;sid:84512398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649296)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649296/; classtype:trojan-activity;sid:84512396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649295/; classtype:trojan-activity;sid:84512395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649293)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649293/; classtype:trojan-activity;sid:84512393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649290/; classtype:trojan-activity;sid:84512390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649291)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649291/; classtype:trojan-activity;sid:84512391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649289)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649289/; classtype:trojan-activity;sid:84512389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649288)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/res/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649288/; classtype:trojan-activity;sid:84512388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649287)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649287/; classtype:trojan-activity;sid:84512387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649286/; classtype:trojan-activity;sid:84512386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649285/; classtype:trojan-activity;sid:84512385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649284/; classtype:trojan-activity;sid:84512384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649283)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649283/; classtype:trojan-activity;sid:84512383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649282)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649282/; classtype:trojan-activity;sid:84512382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649281/; classtype:trojan-activity;sid:84512381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649280)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649280/; classtype:trojan-activity;sid:84512380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649278/; classtype:trojan-activity;sid:84512378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649279)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649279/; classtype:trojan-activity;sid:84512379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649276/; classtype:trojan-activity;sid:84512376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649277)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649277/; classtype:trojan-activity;sid:84512377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649275/; classtype:trojan-activity;sid:84512375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649274)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/catalog/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649274/; classtype:trojan-activity;sid:84512374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649272)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649272/; classtype:trojan-activity;sid:84512372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649270/; classtype:trojan-activity;sid:84512370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649266/; classtype:trojan-activity;sid:84512366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649267)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649267/; classtype:trojan-activity;sid:84512367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649264)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649264/; classtype:trojan-activity;sid:84512364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649260)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/07/showplan/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649260/; classtype:trojan-activity;sid:84512360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649259)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649259/; classtype:trojan-activity;sid:84512359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649258)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649258/; classtype:trojan-activity;sid:84512358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649257)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649257/; classtype:trojan-activity;sid:84512357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649256/; classtype:trojan-activity;sid:84512356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649254)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649254/; classtype:trojan-activity;sid:84512354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649249)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649249/; classtype:trojan-activity;sid:84512349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649250/; classtype:trojan-activity;sid:84512350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649251)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/en/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649251/; classtype:trojan-activity;sid:84512351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649252/; classtype:trojan-activity;sid:84512352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649248)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649248/; classtype:trojan-activity;sid:84512348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649247/; classtype:trojan-activity;sid:84512347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649245)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/feenmer/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649245/; classtype:trojan-activity;sid:84512345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649244)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649244/; classtype:trojan-activity;sid:84512344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649243/; classtype:trojan-activity;sid:84512343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649242/; classtype:trojan-activity;sid:84512342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649238)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649238/; classtype:trojan-activity;sid:84512338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649239)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/windows%20installer/x86/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649239/; classtype:trojan-activity;sid:84512339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649236)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/ide/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649236/; classtype:trojan-activity;sid:84512336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649235)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649235/; classtype:trojan-activity;sid:84512335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649232)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/shared/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649232/; classtype:trojan-activity;sid:84512332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649233)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649233/; classtype:trojan-activity;sid:84512333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649234)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649234/; classtype:trojan-activity;sid:84512334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649231/; classtype:trojan-activity;sid:84512331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649228)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/windows/gac/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649228/; classtype:trojan-activity;sid:84512328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649227)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649227/; classtype:trojan-activity;sid:84512327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649226)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649226/; classtype:trojan-activity;sid:84512326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649223)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/windows/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649223/; classtype:trojan-activity;sid:84512323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649225)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649225/; classtype:trojan-activity;sid:84512325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649222)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649222/; classtype:trojan-activity;sid:84512322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649220)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649220/; classtype:trojan-activity;sid:84512320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649221)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649221/; classtype:trojan-activity;sid:84512321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649218)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649218/; classtype:trojan-activity;sid:84512318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649219)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649219/; classtype:trojan-activity;sid:84512319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649215/; classtype:trojan-activity;sid:84512315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649212)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649212/; classtype:trojan-activity;sid:84512312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649213/; classtype:trojan-activity;sid:84512313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649214)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649214/; classtype:trojan-activity;sid:84512314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649211)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649211/; classtype:trojan-activity;sid:84512311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649210)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649210/; classtype:trojan-activity;sid:84512310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649209)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/zh-chs/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649209/; classtype:trojan-activity;sid:84512309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649208/; classtype:trojan-activity;sid:84512308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649207)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649207/; classtype:trojan-activity;sid:84512307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649205/; classtype:trojan-activity;sid:84512305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649202)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649202/; classtype:trojan-activity;sid:84512302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649203)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649203/; classtype:trojan-activity;sid:84512303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649200)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/shared/zh-chs/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649200/; classtype:trojan-activity;sid:84512300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649198)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649198/; classtype:trojan-activity;sid:84512298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649196/; classtype:trojan-activity;sid:84512296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649193/; classtype:trojan-activity;sid:84512293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649189/; classtype:trojan-activity;sid:84512289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649191/; classtype:trojan-activity;sid:84512291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649185)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649185/; classtype:trojan-activity;sid:84512285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649186/; classtype:trojan-activity;sid:84512286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649180/; classtype:trojan-activity;sid:84512280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/sass/demo/helpers/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649181/; classtype:trojan-activity;sid:84512281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649182)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649182/; classtype:trojan-activity;sid:84512282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649184)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649184/; classtype:trojan-activity;sid:84512284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649179/; classtype:trojan-activity;sid:84512279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649178)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649178/; classtype:trojan-activity;sid:84512278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649173/; classtype:trojan-activity;sid:84512273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649170)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649170/; classtype:trojan-activity;sid:84512270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649171)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649171/; classtype:trojan-activity;sid:84512271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649172)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649172/; classtype:trojan-activity;sid:84512272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649168)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649168/; classtype:trojan-activity;sid:84512268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649163)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649163/; classtype:trojan-activity;sid:84512263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649164)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649164/; classtype:trojan-activity;sid:84512264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649165)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649165/; classtype:trojan-activity;sid:84512265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649162)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649162/; classtype:trojan-activity;sid:84512262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649160/; classtype:trojan-activity;sid:84512260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649161)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649161/; classtype:trojan-activity;sid:84512261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649157)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649157/; classtype:trojan-activity;sid:84512257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649158/; classtype:trojan-activity;sid:84512258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649159)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/info.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649159/; classtype:trojan-activity;sid:84512259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649156)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649156/; classtype:trojan-activity;sid:84512256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649150)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649150/; classtype:trojan-activity;sid:84512250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649151)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649151/; classtype:trojan-activity;sid:84512251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649152)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649152/; classtype:trojan-activity;sid:84512252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649153)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/windows/gac_32/zh-chs/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649153/; classtype:trojan-activity;sid:84512253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649147)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649147/; classtype:trojan-activity;sid:84512247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649148)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649148/; classtype:trojan-activity;sid:84512248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649149/; classtype:trojan-activity;sid:84512249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649145/; classtype:trojan-activity;sid:84512245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649143/; classtype:trojan-activity;sid:84512243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649144/; classtype:trojan-activity;sid:84512244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649142/; classtype:trojan-activity;sid:84512242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649141)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649141/; classtype:trojan-activity;sid:84512241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-11-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649137/; classtype:trojan-activity;sid:84512237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649135/; classtype:trojan-activity;sid:84512235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649136/; classtype:trojan-activity;sid:84512236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649130/; classtype:trojan-activity;sid:84512230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649131)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/1033/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649131/; classtype:trojan-activity;sid:84512231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649132)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649132/; classtype:trojan-activity;sid:84512232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649133)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649133/; classtype:trojan-activity;sid:84512233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649128/; classtype:trojan-activity;sid:84512228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649129)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649129/; classtype:trojan-activity;sid:84512229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649126)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649126/; classtype:trojan-activity;sid:84512226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649127)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649127/; classtype:trojan-activity;sid:84512227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649124/; classtype:trojan-activity;sid:84512224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649121)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649121/; classtype:trojan-activity;sid:84512221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649122)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/1033/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649122/; classtype:trojan-activity;sid:84512222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649120/; classtype:trojan-activity;sid:84512220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649118/; classtype:trojan-activity;sid:84512218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649119/; classtype:trojan-activity;sid:84512219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649110/; classtype:trojan-activity;sid:84512210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649111/; classtype:trojan-activity;sid:84512211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649112/; classtype:trojan-activity;sid:84512212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649113)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/upgrdmap/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649113/; classtype:trojan-activity;sid:84512213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649114)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/windows/system32/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649114/; classtype:trojan-activity;sid:84512214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649116)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649116/; classtype:trojan-activity;sid:84512216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649109)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649109/; classtype:trojan-activity;sid:84512209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649106)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649106/; classtype:trojan-activity;sid:84512206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649107/; classtype:trojan-activity;sid:84512207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649108/; classtype:trojan-activity;sid:84512208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649100)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetmsp/x64/info.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649100/; classtype:trojan-activity;sid:84512200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649101)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649101/; classtype:trojan-activity;sid:84512201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649102)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649102/; classtype:trojan-activity;sid:84512202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649103)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649103/; classtype:trojan-activity;sid:84512203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649104)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649104/; classtype:trojan-activity;sid:84512204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649097/; classtype:trojan-activity;sid:84512197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649099/; classtype:trojan-activity;sid:84512199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649094)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649094/; classtype:trojan-activity;sid:84512194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649092/; classtype:trojan-activity;sid:84512192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2022-03-09/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649089/; classtype:trojan-activity;sid:84512189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649090)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649090/; classtype:trojan-activity;sid:84512190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649084/; classtype:trojan-activity;sid:84512184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649085)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649085/; classtype:trojan-activity;sid:84512185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649086)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649086/; classtype:trojan-activity;sid:84512186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649088)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/powershell/ia64/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649088/; classtype:trojan-activity;sid:84512188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649082/; classtype:trojan-activity;sid:84512182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649083)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649083/; classtype:trojan-activity;sid:84512183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649081)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/windows/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649081/; classtype:trojan-activity;sid:84512181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649080/; classtype:trojan-activity;sid:84512180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649078/; classtype:trojan-activity;sid:84512178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649074)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/msvs9/common7/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649074/; classtype:trojan-activity;sid:84512174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649075)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649075/; classtype:trojan-activity;sid:84512175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649077/; classtype:trojan-activity;sid:84512177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649071/; classtype:trojan-activity;sid:84512171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649072)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649072/; classtype:trojan-activity;sid:84512172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649070)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649070/; classtype:trojan-activity;sid:84512170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649068/; classtype:trojan-activity;sid:84512168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649069)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649069/; classtype:trojan-activity;sid:84512169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649066/; classtype:trojan-activity;sid:84512166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649063)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/sdk/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649063/; classtype:trojan-activity;sid:84512163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649064)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649064/; classtype:trojan-activity;sid:84512164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649061/; classtype:trojan-activity;sid:84512161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649062/; classtype:trojan-activity;sid:84512162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649058/; classtype:trojan-activity;sid:84512158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649059/; classtype:trojan-activity;sid:84512159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649060)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649060/; classtype:trojan-activity;sid:84512160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649057)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649057/; classtype:trojan-activity;sid:84512157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649055/; classtype:trojan-activity;sid:84512155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649050/; classtype:trojan-activity;sid:84512150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649051)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649051/; classtype:trojan-activity;sid:84512151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649052)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649052/; classtype:trojan-activity;sid:84512152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649053)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649053/; classtype:trojan-activity;sid:84512153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649054/; classtype:trojan-activity;sid:84512154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649045)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649045/; classtype:trojan-activity;sid:84512145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649046)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/80/tools/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649046/; classtype:trojan-activity;sid:84512146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649047)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649047/; classtype:trojan-activity;sid:84512147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649048/; classtype:trojan-activity;sid:84512148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649049)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649049/; classtype:trojan-activity;sid:84512149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649041)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649041/; classtype:trojan-activity;sid:84512141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649042)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/2052/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649042/; classtype:trojan-activity;sid:84512142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649043/; classtype:trojan-activity;sid:84512143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649044/; classtype:trojan-activity;sid:84512144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649039/; classtype:trojan-activity;sid:84512139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649040)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649040/; classtype:trojan-activity;sid:84512140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649033/; classtype:trojan-activity;sid:84512133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649034/; classtype:trojan-activity;sid:84512134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649035/; classtype:trojan-activity;sid:84512135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649036)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649036/; classtype:trojan-activity;sid:84512136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649037/; classtype:trojan-activity;sid:84512137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649032)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649032/; classtype:trojan-activity;sid:84512132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649031)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649031/; classtype:trojan-activity;sid:84512131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649023)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649023/; classtype:trojan-activity;sid:84512123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649024/; classtype:trojan-activity;sid:84512124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649025)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649025/; classtype:trojan-activity;sid:84512125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649026)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/cfiles/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649026/; classtype:trojan-activity;sid:84512126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649027/; classtype:trojan-activity;sid:84512127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649028/; classtype:trojan-activity;sid:84512128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649029/; classtype:trojan-activity;sid:84512129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649022)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/types/sqltran/info.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649022/; classtype:trojan-activity;sid:84512122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649019)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649019/; classtype:trojan-activity;sid:84512119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649020/; classtype:trojan-activity;sid:84512120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649021/; classtype:trojan-activity;sid:84512121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649015/; classtype:trojan-activity;sid:84512115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649016/; classtype:trojan-activity;sid:84512116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649017)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649017/; classtype:trojan-activity;sid:84512117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649012/; classtype:trojan-activity;sid:84512112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649013)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649013/; classtype:trojan-activity;sid:84512113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649009)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649009/; classtype:trojan-activity;sid:84512109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649010)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/2.0/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649010/; classtype:trojan-activity;sid:84512110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649011)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649011/; classtype:trojan-activity;sid:84512111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649007)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649007/; classtype:trojan-activity;sid:84512107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649008/; classtype:trojan-activity;sid:84512108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649006)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649006/; classtype:trojan-activity;sid:84512106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649004)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649004/; classtype:trojan-activity;sid:84512104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649005/; classtype:trojan-activity;sid:84512105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649002)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649002/; classtype:trojan-activity;sid:84512102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649003/; classtype:trojan-activity;sid:84512103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649001)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649001/; classtype:trojan-activity;sid:84512101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649000)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649000/; classtype:trojan-activity;sid:84512100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-08-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648998/; classtype:trojan-activity;sid:84512098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648994/; classtype:trojan-activity;sid:84512094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648995/; classtype:trojan-activity;sid:84512095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648996/; classtype:trojan-activity;sid:84512096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648997/; classtype:trojan-activity;sid:84512097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648992)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648992/; classtype:trojan-activity;sid:84512092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648993)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648993/; classtype:trojan-activity;sid:84512093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648987)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648987/; classtype:trojan-activity;sid:84512087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648988/; classtype:trojan-activity;sid:84512088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648989)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648989/; classtype:trojan-activity;sid:84512089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648990)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648990/; classtype:trojan-activity;sid:84512090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648982/; classtype:trojan-activity;sid:84512082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648983)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648983/; classtype:trojan-activity;sid:84512083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648985)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1042/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648985/; classtype:trojan-activity;sid:84512085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648980)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648980/; classtype:trojan-activity;sid:84512080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648979/; classtype:trojan-activity;sid:84512079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648975/; classtype:trojan-activity;sid:84512075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648972/; classtype:trojan-activity;sid:84512072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648973/; classtype:trojan-activity;sid:84512073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648974/; classtype:trojan-activity;sid:84512074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648970)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/syswow64/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648970/; classtype:trojan-activity;sid:84512070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648971)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/90/shared/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648971/; classtype:trojan-activity;sid:84512071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648969)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetmsp/ia64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648969/; classtype:trojan-activity;sid:84512069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648962)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648962/; classtype:trojan-activity;sid:84512062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648963/; classtype:trojan-activity;sid:84512063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648964/; classtype:trojan-activity;sid:84512064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648965)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648965/; classtype:trojan-activity;sid:84512065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648966/; classtype:trojan-activity;sid:84512066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648967)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/windows/gac_32/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648967/; classtype:trojan-activity;sid:84512067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648968/; classtype:trojan-activity;sid:84512068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648960/; classtype:trojan-activity;sid:84512060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648957/; classtype:trojan-activity;sid:84512057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648956/; classtype:trojan-activity;sid:84512056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648954/; classtype:trojan-activity;sid:84512054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-21/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648953/; classtype:trojan-activity;sid:84512053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648952/; classtype:trojan-activity;sid:84512052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648946)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648946/; classtype:trojan-activity;sid:84512046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648941/; classtype:trojan-activity;sid:84512041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648942/; classtype:trojan-activity;sid:84512042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648943/; classtype:trojan-activity;sid:84512043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648944)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648944/; classtype:trojan-activity;sid:84512044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648945)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/zh-chs/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648945/; classtype:trojan-activity;sid:84512045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648936/; classtype:trojan-activity;sid:84512036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648934)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648934/; classtype:trojan-activity;sid:84512034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648933/; classtype:trojan-activity;sid:84512033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648926/; classtype:trojan-activity;sid:84512026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648927/; classtype:trojan-activity;sid:84512027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648928/; classtype:trojan-activity;sid:84512028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648929)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/powershell/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648929/; classtype:trojan-activity;sid:84512029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648930/; classtype:trojan-activity;sid:84512030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648931/; classtype:trojan-activity;sid:84512031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648932/; classtype:trojan-activity;sid:84512032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648922)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648922/; classtype:trojan-activity;sid:84512022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648923)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648923/; classtype:trojan-activity;sid:84512023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648924)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648924/; classtype:trojan-activity;sid:84512024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648921/; classtype:trojan-activity;sid:84512021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648913)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648913/; classtype:trojan-activity;sid:84512013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648914/; classtype:trojan-activity;sid:84512014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648919)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648919/; classtype:trojan-activity;sid:84512019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648911/; classtype:trojan-activity;sid:84512011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648912/; classtype:trojan-activity;sid:84512012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648910)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1036/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648910/; classtype:trojan-activity;sid:84512010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648902)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648902/; classtype:trojan-activity;sid:84512002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648904/; classtype:trojan-activity;sid:84512004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648906/; classtype:trojan-activity;sid:84512006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648907)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/res/1033/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648907/; classtype:trojan-activity;sid:84512007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/en/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648908/; classtype:trojan-activity;sid:84512008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648901)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648901/; classtype:trojan-activity;sid:84512001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648900/; classtype:trojan-activity;sid:84512000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648896)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648896/; classtype:trojan-activity;sid:84511996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648897)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648897/; classtype:trojan-activity;sid:84511997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648898/; classtype:trojan-activity;sid:84511998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648894)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/zh-chs/info.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648894/; classtype:trojan-activity;sid:84511994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648891/; classtype:trojan-activity;sid:84511991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648889/; classtype:trojan-activity;sid:84511989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648884/; classtype:trojan-activity;sid:84511984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648885/; classtype:trojan-activity;sid:84511985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603104/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648886/; classtype:trojan-activity;sid:84511986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648879)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648879/; classtype:trojan-activity;sid:84511979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648880)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648880/; classtype:trojan-activity;sid:84511980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648881/; classtype:trojan-activity;sid:84511981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648882)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648882/; classtype:trojan-activity;sid:84511982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648872/; classtype:trojan-activity;sid:84511972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648873)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/1033/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648873/; classtype:trojan-activity;sid:84511973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648874)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/2052/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648874/; classtype:trojan-activity;sid:84511974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648876/; classtype:trojan-activity;sid:84511976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648877/; classtype:trojan-activity;sid:84511977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648878)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1040/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648878/; classtype:trojan-activity;sid:84511978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648870)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648870/; classtype:trojan-activity;sid:84511970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648869)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648869/; classtype:trojan-activity;sid:84511969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648865)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/x64/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648865/; classtype:trojan-activity;sid:84511965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648866)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648866/; classtype:trojan-activity;sid:84511966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648867)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648867/; classtype:trojan-activity;sid:84511967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648868/; classtype:trojan-activity;sid:84511968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648864)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648864/; classtype:trojan-activity;sid:84511964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648863)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648863/; classtype:trojan-activity;sid:84511963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648857)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648857/; classtype:trojan-activity;sid:84511957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648858/; classtype:trojan-activity;sid:84511958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648856)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648856/; classtype:trojan-activity;sid:84511956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648854/; classtype:trojan-activity;sid:84511954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648850/; classtype:trojan-activity;sid:84511950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648851)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648851/; classtype:trojan-activity;sid:84511951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000618093/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648852/; classtype:trojan-activity;sid:84511952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648853)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648853/; classtype:trojan-activity;sid:84511953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648848)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648848/; classtype:trojan-activity;sid:84511948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648849/; classtype:trojan-activity;sid:84511949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648846)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648846/; classtype:trojan-activity;sid:84511946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648847)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648847/; classtype:trojan-activity;sid:84511947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648841/; classtype:trojan-activity;sid:84511941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648842)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648842/; classtype:trojan-activity;sid:84511942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648843)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648843/; classtype:trojan-activity;sid:84511943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648844)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648844/; classtype:trojan-activity;sid:84511944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648845)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648845/; classtype:trojan-activity;sid:84511945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648840)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648840/; classtype:trojan-activity;sid:84511940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648837)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/sdk/assembly/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648837/; classtype:trojan-activity;sid:84511937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648838)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648838/; classtype:trojan-activity;sid:84511938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648833)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648833/; classtype:trojan-activity;sid:84511933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648834)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648834/; classtype:trojan-activity;sid:84511934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648830/; classtype:trojan-activity;sid:84511930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591547/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648832/; classtype:trojan-activity;sid:84511932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648828/; classtype:trojan-activity;sid:84511928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648829/; classtype:trojan-activity;sid:84511929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648823)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648823/; classtype:trojan-activity;sid:84511923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648824/; classtype:trojan-activity;sid:84511924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648825/; classtype:trojan-activity;sid:84511925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648826)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648826/; classtype:trojan-activity;sid:84511926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648822)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648822/; classtype:trojan-activity;sid:84511922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648819/; classtype:trojan-activity;sid:84511919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648820/; classtype:trojan-activity;sid:84511920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648821)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648821/; classtype:trojan-activity;sid:84511921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648817)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648817/; classtype:trojan-activity;sid:84511917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648818)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648818/; classtype:trojan-activity;sid:84511918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648814)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648814/; classtype:trojan-activity;sid:84511914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648815/; classtype:trojan-activity;sid:84511915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648816)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648816/; classtype:trojan-activity;sid:84511916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648813)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648813/; classtype:trojan-activity;sid:84511913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648812/; classtype:trojan-activity;sid:84511912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648811/; classtype:trojan-activity;sid:84511911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648809)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648809/; classtype:trojan-activity;sid:84511909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648810/; classtype:trojan-activity;sid:84511910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648808)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648808/; classtype:trojan-activity;sid:84511908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648807)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/priassem/busproj/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648807/; classtype:trojan-activity;sid:84511907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648805/; classtype:trojan-activity;sid:84511905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648806/; classtype:trojan-activity;sid:84511906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648802/; classtype:trojan-activity;sid:84511902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648803)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648803/; classtype:trojan-activity;sid:84511903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648804)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648804/; classtype:trojan-activity;sid:84511904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595439/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648798/; classtype:trojan-activity;sid:84511898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648799/; classtype:trojan-activity;sid:84511899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648800)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648800/; classtype:trojan-activity;sid:84511900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648795)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/90/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648795/; classtype:trojan-activity;sid:84511895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648796)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648796/; classtype:trojan-activity;sid:84511896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648797)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/windows/gac/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648797/; classtype:trojan-activity;sid:84511897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648789/; classtype:trojan-activity;sid:84511889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648790/; classtype:trojan-activity;sid:84511890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648791/; classtype:trojan-activity;sid:84511891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648792)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/redist/dotnetframeworks/dotnetfx35/ia64/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648792/; classtype:trojan-activity;sid:84511892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648793)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648793/; classtype:trojan-activity;sid:84511893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625549/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648788/; classtype:trojan-activity;sid:84511888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648784)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648784/; classtype:trojan-activity;sid:84511884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648785/; classtype:trojan-activity;sid:84511885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648786)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648786/; classtype:trojan-activity;sid:84511886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648780/; classtype:trojan-activity;sid:84511880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648781/; classtype:trojan-activity;sid:84511881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648782)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1031/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648782/; classtype:trojan-activity;sid:84511882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648778/; classtype:trojan-activity;sid:84511878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648775)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/plcomps/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648775/; classtype:trojan-activity;sid:84511875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648776)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648776/; classtype:trojan-activity;sid:84511876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648772)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648772/; classtype:trojan-activity;sid:84511872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648774)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/com/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648774/; classtype:trojan-activity;sid:84511874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648768/; classtype:trojan-activity;sid:84511868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648769)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/2052/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648769/; classtype:trojan-activity;sid:84511869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648770)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648770/; classtype:trojan-activity;sid:84511870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648771/; classtype:trojan-activity;sid:84511871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648764)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648764/; classtype:trojan-activity;sid:84511864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648763)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/tasks/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648763/; classtype:trojan-activity;sid:84511863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648762)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp64/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648762/; classtype:trojan-activity;sid:84511862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648759/; classtype:trojan-activity;sid:84511859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648761)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/2052/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648761/; classtype:trojan-activity;sid:84511861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602408/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648758/; classtype:trojan-activity;sid:84511858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648753/; classtype:trojan-activity;sid:84511853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553198/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648755/; classtype:trojan-activity;sid:84511855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648756)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648756/; classtype:trojan-activity;sid:84511856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648757/; classtype:trojan-activity;sid:84511857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648750/; classtype:trojan-activity;sid:84511850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648751)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648751/; classtype:trojan-activity;sid:84511851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648748)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648748/; classtype:trojan-activity;sid:84511848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648746/; classtype:trojan-activity;sid:84511846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648744/; classtype:trojan-activity;sid:84511844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648738/; classtype:trojan-activity;sid:84511838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648739/; classtype:trojan-activity;sid:84511839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648741/; classtype:trojan-activity;sid:84511841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648742)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/zh-chs/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648742/; classtype:trojan-activity;sid:84511842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/provdesc/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648743/; classtype:trojan-activity;sid:84511843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648735)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648735/; classtype:trojan-activity;sid:84511835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648736/; classtype:trojan-activity;sid:84511836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648737/; classtype:trojan-activity;sid:84511837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/tools/binn/res/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648733/; classtype:trojan-activity;sid:84511833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648731)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx35/x64/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648731/; classtype:trojan-activity;sid:84511831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648732)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/pfiles/sqlservr/100/com/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648732/; classtype:trojan-activity;sid:84511832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648729)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/shared/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648729/; classtype:trojan-activity;sid:84511829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648730/; classtype:trojan-activity;sid:84511830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648728/; classtype:trojan-activity;sid:84511828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648726)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/keyfile/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648726/; classtype:trojan-activity;sid:84511826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648727)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1041/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648727/; classtype:trojan-activity;sid:84511827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648725/; classtype:trojan-activity;sid:84511825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648724)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/sqltypes/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648724/; classtype:trojan-activity;sid:84511824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585561/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648722/; classtype:trojan-activity;sid:84511822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648721)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1046/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648721/; classtype:trojan-activity;sid:84511821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648718)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/80/tools/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648718/; classtype:trojan-activity;sid:84511818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648719/; classtype:trojan-activity;sid:84511819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648716)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/tools/binn/res/2052/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648716/; classtype:trojan-activity;sid:84511816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648715)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_msi/windows/system32/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648715/; classtype:trojan-activity;sid:84511815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648714)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648714/; classtype:trojan-activity;sid:84511814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648713)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648713/; classtype:trojan-activity;sid:84511813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648712/; classtype:trojan-activity;sid:84511812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648711/; classtype:trojan-activity;sid:84511811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648710/; classtype:trojan-activity;sid:84511810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648708/; classtype:trojan-activity;sid:84511808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648707/; classtype:trojan-activity;sid:84511807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648706/; classtype:trojan-activity;sid:84511806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648705)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648705/; classtype:trojan-activity;sid:84511805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648703)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/connect/zh-chs/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648703/; classtype:trojan-activity;sid:84511803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648700/; classtype:trojan-activity;sid:84511800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648701/; classtype:trojan-activity;sid:84511801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648702/; classtype:trojan-activity;sid:84511802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648698/; classtype:trojan-activity;sid:84511798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648699)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648699/; classtype:trojan-activity;sid:84511799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648695)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2006/11/events/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648695/; classtype:trojan-activity;sid:84511795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648693/; classtype:trojan-activity;sid:84511793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648692/; classtype:trojan-activity;sid:84511792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648689/; classtype:trojan-activity;sid:84511789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648690/; classtype:trojan-activity;sid:84511790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648686/; classtype:trojan-activity;sid:84511786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648687)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/shared/2052/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648687/; classtype:trojan-activity;sid:84511787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648682/; classtype:trojan-activity;sid:84511782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648679/; classtype:trojan-activity;sid:84511779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648680/; classtype:trojan-activity;sid:84511780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648674/; classtype:trojan-activity;sid:84511774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648675/; classtype:trojan-activity;sid:84511775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648673)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648673/; classtype:trojan-activity;sid:84511773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648670/; classtype:trojan-activity;sid:84511770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648671)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648671/; classtype:trojan-activity;sid:84511771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566430/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648672/; classtype:trojan-activity;sid:84511772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604501/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648669/; classtype:trojan-activity;sid:84511769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/upgrade/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648664/; classtype:trojan-activity;sid:84511764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648665)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648665/; classtype:trojan-activity;sid:84511765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648654)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles32/sqlservr/100/tools/binn/schemas/sqlservr/2004/soap/options/info.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648654/; classtype:trojan-activity;sid:84511754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648655/; classtype:trojan-activity;sid:84511755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648656/; classtype:trojan-activity;sid:84511756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230417/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648657/; classtype:trojan-activity;sid:84511757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648658)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648658/; classtype:trojan-activity;sid:84511758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648659/; classtype:trojan-activity;sid:84511759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648660/; classtype:trojan-activity;sid:84511760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648651)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648651/; classtype:trojan-activity;sid:84511751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648649/; classtype:trojan-activity;sid:84511749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648648/; classtype:trojan-activity;sid:84511748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648644/; classtype:trojan-activity;sid:84511744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648645)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_loc_msi/2052/pfiles32/sqlservr/100/tools/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648645/; classtype:trojan-activity;sid:84511745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648647/; classtype:trojan-activity;sid:84511747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648641/; classtype:trojan-activity;sid:84511741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648640/; classtype:trojan-activity;sid:84511740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604491/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648637/; classtype:trojan-activity;sid:84511737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648638/; classtype:trojan-activity;sid:84511738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585614/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648630/; classtype:trojan-activity;sid:84511730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648620)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/dlltmp32/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648620/; classtype:trojan-activity;sid:84511720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/shared/vs2008/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648621/; classtype:trojan-activity;sid:84511721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648622/; classtype:trojan-activity;sid:84511722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648623/; classtype:trojan-activity;sid:84511723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648625/; classtype:trojan-activity;sid:84511725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/fonts/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648626/; classtype:trojan-activity;sid:84511726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/sdk/assembly/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648609/; classtype:trojan-activity;sid:84511709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648611/; classtype:trojan-activity;sid:84511711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648612)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648612/; classtype:trojan-activity;sid:84511712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648613)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648613/; classtype:trojan-activity;sid:84511713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648614/; classtype:trojan-activity;sid:84511714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/sqlservr/100/com/res/1033/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648615/; classtype:trojan-activity;sid:84511715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648618)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648618/; classtype:trojan-activity;sid:84511718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648619)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648619/; classtype:trojan-activity;sid:84511719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_msi/pfiles/sqlservr/mssql.x/mssql/binn/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648603/; classtype:trojan-activity;sid:84511703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648604/; classtype:trojan-activity;sid:84511704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648605)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/zh-chs/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648605/; classtype:trojan-activity;sid:84511705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648606/; classtype:trojan-activity;sid:84511706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648607/; classtype:trojan-activity;sid:84511707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648608)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/feenmer/en/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648608/; classtype:trojan-activity;sid:84511708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648602)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648602/; classtype:trojan-activity;sid:84511702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648599/; classtype:trojan-activity;sid:84511699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648600/; classtype:trojan-activity;sid:84511700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648601)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1049/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648601/; classtype:trojan-activity;sid:84511701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648598)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_inst_loc_msi/2052/pfiles/sqlservr/mssql.x/mssql/binn/res/1028/info.zip"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648598/; classtype:trojan-activity;sid:84511698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648595)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648595/; classtype:trojan-activity;sid:84511695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648597)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/pfiles/msnet/adomd.net/100/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648597/; classtype:trojan-activity;sid:84511697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648594/; classtype:trojan-activity;sid:84511694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648593)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/tools/binn/vsshell/common7/ide/info.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648593/; classtype:trojan-activity;sid:84511693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648592/; classtype:trojan-activity;sid:84511692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648591)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_common_core_loc_msi/2052/windows/gac/zh-chs/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648591/; classtype:trojan-activity;sid:84511691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648590/; classtype:trojan-activity;sid:84511690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/connect/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648576/; classtype:trojan-activity;sid:84511676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648577/; classtype:trojan-activity;sid:84511677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648578)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648578/; classtype:trojan-activity;sid:84511678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/sqlservr/100/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648579/; classtype:trojan-activity;sid:84511679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/sqlservr/100/dts/binn/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648581/; classtype:trojan-activity;sid:84511681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648582)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_engine_core_shared_msi/pfiles/msvs9/common7/ide/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648582/; classtype:trojan-activity;sid:84511682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648585/; classtype:trojan-activity;sid:84511685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648586)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/tools/binn/zh-chs/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648586/; classtype:trojan-activity;sid:84511686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648587/; classtype:trojan-activity;sid:84511687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648588/; classtype:trojan-activity;sid:84511688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_engine_core_shared_loc_msi/2052/pfiles/sqlservr/100/dts/plcomps/res/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648566/; classtype:trojan-activity;sid:84511666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648567/; classtype:trojan-activity;sid:84511667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600290/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648568/; classtype:trojan-activity;sid:84511668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648569)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648569/; classtype:trojan-activity;sid:84511669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648570)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/setup/sql_common_core_loc_msi/2052/pfiles32/msnet/adomd.net/100/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648570/; classtype:trojan-activity;sid:84511670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648571/; classtype:trojan-activity;sid:84511671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648572/; classtype:trojan-activity;sid:84511672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x64/setup/sql_common_core_msi/pfiles32/sqlservr/100/tools/binn/vsshell/common7/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648564/; classtype:trojan-activity;sid:84511664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624763/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648558/; classtype:trojan-activity;sid:84511658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/x86/redist/dotnetframeworks/dotnetfx20/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648559/; classtype:trojan-activity;sid:84511659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2019-08-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648561/; classtype:trojan-activity;sid:84511661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648562/; classtype:trojan-activity;sid:84511662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648549)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250606-148/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648549/; classtype:trojan-activity;sid:84511649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648548)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648548/; classtype:trojan-activity;sid:84511648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648546)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pbdll/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648546/; classtype:trojan-activity;sid:84511646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240625-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648547/; classtype:trojan-activity;sid:84511647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221219-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648544/; classtype:trojan-activity;sid:84511644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648545)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648545/; classtype:trojan-activity;sid:84511645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648542/; classtype:trojan-activity;sid:84511642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648541)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648541/; classtype:trojan-activity;sid:84511641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648537)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250610-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648537/; classtype:trojan-activity;sid:84511637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648538)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648538/; classtype:trojan-activity;sid:84511638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648539)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648539/; classtype:trojan-activity;sid:84511639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220804-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648540/; classtype:trojan-activity;sid:84511640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648534)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648534/; classtype:trojan-activity;sid:84511634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648535/; classtype:trojan-activity;sid:84511635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211026-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648536/; classtype:trojan-activity;sid:84511636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648530)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220317-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648530/; classtype:trojan-activity;sid:84511630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648531)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241128-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648531/; classtype:trojan-activity;sid:84511631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648532)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231228-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648532/; classtype:trojan-activity;sid:84511632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220916-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648533/; classtype:trojan-activity;sid:84511633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648528)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250616-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648528/; classtype:trojan-activity;sid:84511628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648529)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648529/; classtype:trojan-activity;sid:84511629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648525)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648525/; classtype:trojan-activity;sid:84511625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648527)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648527/; classtype:trojan-activity;sid:84511627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648522)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648522/; classtype:trojan-activity;sid:84511622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648524)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648524/; classtype:trojan-activity;sid:84511624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648515)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648515/; classtype:trojan-activity;sid:84511615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648517)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648517/; classtype:trojan-activity;sid:84511617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648518)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648518/; classtype:trojan-activity;sid:84511618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648512)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648512/; classtype:trojan-activity;sid:84511612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648501)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/fonts/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648501/; classtype:trojan-activity;sid:84511601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648502)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648502/; classtype:trojan-activity;sid:84511602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648504)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648504/; classtype:trojan-activity;sid:84511604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648505)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648505/; classtype:trojan-activity;sid:84511605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648506)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648506/; classtype:trojan-activity;sid:84511606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648509)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231116-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648509/; classtype:trojan-activity;sid:84511609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648511)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648511/; classtype:trojan-activity;sid:84511611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648496)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648496/; classtype:trojan-activity;sid:84511596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648499)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648499/; classtype:trojan-activity;sid:84511599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648495)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648495/; classtype:trojan-activity;sid:84511595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648492)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648492/; classtype:trojan-activity;sid:84511592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648493)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648493/; classtype:trojan-activity;sid:84511593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648489)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648489/; classtype:trojan-activity;sid:84511589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648483)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648483/; classtype:trojan-activity;sid:84511583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648485)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648485/; classtype:trojan-activity;sid:84511585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648486)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210802-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648486/; classtype:trojan-activity;sid:84511586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648487)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/bjgl.pbd/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648487/; classtype:trojan-activity;sid:84511587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648480)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241016-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648480/; classtype:trojan-activity;sid:84511580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648479)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648479/; classtype:trojan-activity;sid:84511579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648475)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648475/; classtype:trojan-activity;sid:84511575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648476)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648476/; classtype:trojan-activity;sid:84511576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648477)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648477/; classtype:trojan-activity;sid:84511577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648473)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648473/; classtype:trojan-activity;sid:84511573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648474)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220624-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648474/; classtype:trojan-activity;sid:84511574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648471)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648471/; classtype:trojan-activity;sid:84511571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648472)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/_pb%20decompiler%20dws/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648472/; classtype:trojan-activity;sid:84511572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648470)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231113-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648470/; classtype:trojan-activity;sid:84511570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648467)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648467/; classtype:trojan-activity;sid:84511567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648468)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240527-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648468/; classtype:trojan-activity;sid:84511568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648469)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648469/; classtype:trojan-activity;sid:84511569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648463)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648463/; classtype:trojan-activity;sid:84511563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648464)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648464/; classtype:trojan-activity;sid:84511564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648465)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648465/; classtype:trojan-activity;sid:84511565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648461)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648461/; classtype:trojan-activity;sid:84511561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648460)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231101-141/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648460/; classtype:trojan-activity;sid:84511560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648458)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648458/; classtype:trojan-activity;sid:84511558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648459)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648459/; classtype:trojan-activity;sid:84511559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648456)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648456/; classtype:trojan-activity;sid:84511556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648457)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648457/; classtype:trojan-activity;sid:84511557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648455)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-136/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648455/; classtype:trojan-activity;sid:84511555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648452)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648452/; classtype:trojan-activity;sid:84511552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648453)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240718-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648453/; classtype:trojan-activity;sid:84511553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648454)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211109-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648454/; classtype:trojan-activity;sid:84511554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648451)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648451/; classtype:trojan-activity;sid:84511551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648445)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648445/; classtype:trojan-activity;sid:84511545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648446)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648446/; classtype:trojan-activity;sid:84511546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648447)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648447/; classtype:trojan-activity;sid:84511547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648448)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220111-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648448/; classtype:trojan-activity;sid:84511548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648450)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pdffactory_pro_setup/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648450/; classtype:trojan-activity;sid:84511550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648443)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648443/; classtype:trojan-activity;sid:84511543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648444)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230323-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648444/; classtype:trojan-activity;sid:84511544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648430)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240608-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648430/; classtype:trojan-activity;sid:84511530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648419)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/scd/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648419/; classtype:trojan-activity;sid:84511519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648420)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/2052/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648420/; classtype:trojan-activity;sid:84511520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648421)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/logic/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648421/; classtype:trojan-activity;sid:84511521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648422)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230213-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648422/; classtype:trojan-activity;sid:84511522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648413)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240914-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648413/; classtype:trojan-activity;sid:84511513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648417)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648417/; classtype:trojan-activity;sid:84511517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648405)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648405/; classtype:trojan-activity;sid:84511505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648406)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240326-093/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648406/; classtype:trojan-activity;sid:84511506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648407)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230518-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648407/; classtype:trojan-activity;sid:84511507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648408)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211218-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648408/; classtype:trojan-activity;sid:84511508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648410)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648410/; classtype:trojan-activity;sid:84511510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648398)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231008-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648398/; classtype:trojan-activity;sid:84511498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648399)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648399/; classtype:trojan-activity;sid:84511499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648400)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221017-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648400/; classtype:trojan-activity;sid:84511500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648401)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241007-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648401/; classtype:trojan-activity;sid:84511501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648402)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-098/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648402/; classtype:trojan-activity;sid:84511502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648403)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648403/; classtype:trojan-activity;sid:84511503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648404)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648404/; classtype:trojan-activity;sid:84511504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648395)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648395/; classtype:trojan-activity;sid:84511495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648396)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648396/; classtype:trojan-activity;sid:84511496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648397)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250709-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648397/; classtype:trojan-activity;sid:84511497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648393)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250617-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648393/; classtype:trojan-activity;sid:84511493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648392)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220503-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648392/; classtype:trojan-activity;sid:84511492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648386)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648386/; classtype:trojan-activity;sid:84511486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648387)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648387/; classtype:trojan-activity;sid:84511487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648388)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241024-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648388/; classtype:trojan-activity;sid:84511488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648389)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230719-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648389/; classtype:trojan-activity;sid:84511489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648384)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648384/; classtype:trojan-activity;sid:84511484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648381)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648381/; classtype:trojan-activity;sid:84511481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648382)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-088/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648382/; classtype:trojan-activity;sid:84511482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648377)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648377/; classtype:trojan-activity;sid:84511477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648378)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648378/; classtype:trojan-activity;sid:84511478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648379)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230829-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648379/; classtype:trojan-activity;sid:84511479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648375)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240111-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648375/; classtype:trojan-activity;sid:84511475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648376)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648376/; classtype:trojan-activity;sid:84511476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648374)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240905-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648374/; classtype:trojan-activity;sid:84511474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648373)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231114-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648373/; classtype:trojan-activity;sid:84511473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648371)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210901-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648371/; classtype:trojan-activity;sid:84511471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648367)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240402-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648367/; classtype:trojan-activity;sid:84511467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648368)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648368/; classtype:trojan-activity;sid:84511468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648369)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231206-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648369/; classtype:trojan-activity;sid:84511469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648370)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648370/; classtype:trojan-activity;sid:84511470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648365)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648365/; classtype:trojan-activity;sid:84511465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648366)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648366/; classtype:trojan-activity;sid:84511466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648363)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648363/; classtype:trojan-activity;sid:84511463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648364)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230309-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648364/; classtype:trojan-activity;sid:84511464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648361)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648361/; classtype:trojan-activity;sid:84511461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648357)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648357/; classtype:trojan-activity;sid:84511457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648360)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648360/; classtype:trojan-activity;sid:84511460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648354)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/unused%20desktop%20shortcuts/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648354/; classtype:trojan-activity;sid:84511454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648350)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241021-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648350/; classtype:trojan-activity;sid:84511450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648352)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648352/; classtype:trojan-activity;sid:84511452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648339)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648339/; classtype:trojan-activity;sid:84511439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648342)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230904-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648342/; classtype:trojan-activity;sid:84511442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648344)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250523-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648344/; classtype:trojan-activity;sid:84511444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648334)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648334/; classtype:trojan-activity;sid:84511434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648337)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231024-129/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648337/; classtype:trojan-activity;sid:84511437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648338)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/xiangdan/210721-020/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648338/; classtype:trojan-activity;sid:84511438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648331)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648331/; classtype:trojan-activity;sid:84511431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648333)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240425-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648333/; classtype:trojan-activity;sid:84511433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648330)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648330/; classtype:trojan-activity;sid:84511430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648329)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648329/; classtype:trojan-activity;sid:84511429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648327)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648327/; classtype:trojan-activity;sid:84511427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648328)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221019-077/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648328/; classtype:trojan-activity;sid:84511428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648323)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648323/; classtype:trojan-activity;sid:84511423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648324)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648324/; classtype:trojan-activity;sid:84511424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648325)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648325/; classtype:trojan-activity;sid:84511425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648319)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648319/; classtype:trojan-activity;sid:84511419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648320)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648320/; classtype:trojan-activity;sid:84511420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648322)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648322/; classtype:trojan-activity;sid:84511422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648317)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648317/; classtype:trojan-activity;sid:84511417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648318)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648318/; classtype:trojan-activity;sid:84511418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648316)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648316/; classtype:trojan-activity;sid:84511416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648314)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250702-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648314/; classtype:trojan-activity;sid:84511414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648311)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230317-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648311/; classtype:trojan-activity;sid:84511411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648312)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211215-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648312/; classtype:trojan-activity;sid:84511412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648310)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230511-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648310/; classtype:trojan-activity;sid:84511410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648308)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648308/; classtype:trojan-activity;sid:84511408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648309)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648309/; classtype:trojan-activity;sid:84511409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648306)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648306/; classtype:trojan-activity;sid:84511406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648302)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648302/; classtype:trojan-activity;sid:84511402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648303)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240219-116/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648303/; classtype:trojan-activity;sid:84511403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648304)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210918-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648304/; classtype:trojan-activity;sid:84511404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648305)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211116-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648305/; classtype:trojan-activity;sid:84511405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648301)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648301/; classtype:trojan-activity;sid:84511401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648299)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648299/; classtype:trojan-activity;sid:84511399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648296)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220217-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648296/; classtype:trojan-activity;sid:84511396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648291)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648291/; classtype:trojan-activity;sid:84511391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648292)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648292/; classtype:trojan-activity;sid:84511392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648295)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648295/; classtype:trojan-activity;sid:84511395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648288)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240122-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648288/; classtype:trojan-activity;sid:84511388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648289)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/ppw0200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648289/; classtype:trojan-activity;sid:84511389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648290)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/1033/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648290/; classtype:trojan-activity;sid:84511390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648287)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648287/; classtype:trojan-activity;sid:84511387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648284)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240724-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648284/; classtype:trojan-activity;sid:84511384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648285)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648285/; classtype:trojan-activity;sid:84511385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648282)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648282/; classtype:trojan-activity;sid:84511382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648279)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648279/; classtype:trojan-activity;sid:84511379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648277)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241205-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648277/; classtype:trojan-activity;sid:84511377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648275)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250513-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648275/; classtype:trojan-activity;sid:84511375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648276)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210911-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648276/; classtype:trojan-activity;sid:84511376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648273)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648273/; classtype:trojan-activity;sid:84511373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648272)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648272/; classtype:trojan-activity;sid:84511372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648269)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648269/; classtype:trojan-activity;sid:84511369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648270)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250403-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648270/; classtype:trojan-activity;sid:84511370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648266)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241017-114/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648266/; classtype:trojan-activity;sid:84511366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648265)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648265/; classtype:trojan-activity;sid:84511365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648262)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648262/; classtype:trojan-activity;sid:84511362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648258)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648258/; classtype:trojan-activity;sid:84511358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648259)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648259/; classtype:trojan-activity;sid:84511359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648260)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648260/; classtype:trojan-activity;sid:84511360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648255)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648255/; classtype:trojan-activity;sid:84511355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648254)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210826-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648254/; classtype:trojan-activity;sid:84511354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648252)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648252/; classtype:trojan-activity;sid:84511352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648253)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/sysdll/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648253/; classtype:trojan-activity;sid:84511353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648251)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250331-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648251/; classtype:trojan-activity;sid:84511351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648250)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648250/; classtype:trojan-activity;sid:84511350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648249)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648249/; classtype:trojan-activity;sid:84511349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648248)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648248/; classtype:trojan-activity;sid:84511348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648246)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648246/; classtype:trojan-activity;sid:84511346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648247)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230508-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648247/; classtype:trojan-activity;sid:84511347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648243)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648243/; classtype:trojan-activity;sid:84511343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648244)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648244/; classtype:trojan-activity;sid:84511344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648245)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648245/; classtype:trojan-activity;sid:84511345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648241)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648241/; classtype:trojan-activity;sid:84511341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648242)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648242/; classtype:trojan-activity;sid:84511342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648240)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220528-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648240/; classtype:trojan-activity;sid:84511340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648229)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250717-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648229/; classtype:trojan-activity;sid:84511329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648230)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221118-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648230/; classtype:trojan-activity;sid:84511330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648231)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240312-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648231/; classtype:trojan-activity;sid:84511331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648233)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648233/; classtype:trojan-activity;sid:84511333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648228)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1050/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648228/; classtype:trojan-activity;sid:84511328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648223)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/otherup/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648223/; classtype:trojan-activity;sid:84511323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648224)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241225-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648224/; classtype:trojan-activity;sid:84511324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648227)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648227/; classtype:trojan-activity;sid:84511327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648222)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648222/; classtype:trojan-activity;sid:84511322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648220)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648220/; classtype:trojan-activity;sid:84511320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648221)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648221/; classtype:trojan-activity;sid:84511321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648219)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230327-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648219/; classtype:trojan-activity;sid:84511319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648213)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/downloads/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648213/; classtype:trojan-activity;sid:84511313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648215)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220809-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648215/; classtype:trojan-activity;sid:84511315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648216)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648216/; classtype:trojan-activity;sid:84511316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648211)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648211/; classtype:trojan-activity;sid:84511311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648212)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648212/; classtype:trojan-activity;sid:84511312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648205)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250408-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648205/; classtype:trojan-activity;sid:84511305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648206)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648206/; classtype:trojan-activity;sid:84511306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648207)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230922-167/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648207/; classtype:trojan-activity;sid:84511307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648201)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648201/; classtype:trojan-activity;sid:84511301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648204)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648204/; classtype:trojan-activity;sid:84511304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648194)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648194/; classtype:trojan-activity;sid:84511294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648195)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648195/; classtype:trojan-activity;sid:84511295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648196)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648196/; classtype:trojan-activity;sid:84511296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648198)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220428-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648198/; classtype:trojan-activity;sid:84511298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648199)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648199/; classtype:trojan-activity;sid:84511299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648200)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648200/; classtype:trojan-activity;sid:84511300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648191)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648191/; classtype:trojan-activity;sid:84511291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648192)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648192/; classtype:trojan-activity;sid:84511292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648193)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220211-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648193/; classtype:trojan-activity;sid:84511293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648190)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648190/; classtype:trojan-activity;sid:84511290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648185)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648185/; classtype:trojan-activity;sid:84511285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648186)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648186/; classtype:trojan-activity;sid:84511286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648181)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648181/; classtype:trojan-activity;sid:84511281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648182)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"202.84.41.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648182/; classtype:trojan-activity;sid:84511282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648183)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0505/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648183/; classtype:trojan-activity;sid:84511283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648184)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230415-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648184/; classtype:trojan-activity;sid:84511284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648176)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648176/; classtype:trojan-activity;sid:84511276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648177)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648177/; classtype:trojan-activity;sid:84511277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648173)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230712-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648173/; classtype:trojan-activity;sid:84511273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648174)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221201-071/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648174/; classtype:trojan-activity;sid:84511274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648168)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648168/; classtype:trojan-activity;sid:84511268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648169)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648169/; classtype:trojan-activity;sid:84511269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648166)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241019-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648166/; classtype:trojan-activity;sid:84511266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648164)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648164/; classtype:trojan-activity;sid:84511264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648165)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648165/; classtype:trojan-activity;sid:84511265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648157)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648157/; classtype:trojan-activity;sid:84511257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648158)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648158/; classtype:trojan-activity;sid:84511258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648160)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240918-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648160/; classtype:trojan-activity;sid:84511260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648161)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1250/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648161/; classtype:trojan-activity;sid:84511261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648155)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/e3ee6be74f9a/info.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648155/; classtype:trojan-activity;sid:84511255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648149)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240403-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648149/; classtype:trojan-activity;sid:84511249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648151)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250613-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648151/; classtype:trojan-activity;sid:84511251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648145)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648145/; classtype:trojan-activity;sid:84511245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648143)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648143/; classtype:trojan-activity;sid:84511243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648138)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648138/; classtype:trojan-activity;sid:84511238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648139)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230705-085/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648139/; classtype:trojan-activity;sid:84511239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648140)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648140/; classtype:trojan-activity;sid:84511240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648141)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648141/; classtype:trojan-activity;sid:84511241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648142)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240823-011/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648142/; classtype:trojan-activity;sid:84511242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648135)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250421-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648135/; classtype:trojan-activity;sid:84511235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648136)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648136/; classtype:trojan-activity;sid:84511236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648130)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648130/; classtype:trojan-activity;sid:84511230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648131)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250310-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648131/; classtype:trojan-activity;sid:84511231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648125)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pbdll/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648125/; classtype:trojan-activity;sid:84511225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648127)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648127/; classtype:trojan-activity;sid:84511227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648118)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/setup/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648118/; classtype:trojan-activity;sid:84511218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648119)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648119/; classtype:trojan-activity;sid:84511219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648120)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648120/; classtype:trojan-activity;sid:84511220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648121)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0800/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648121/; classtype:trojan-activity;sid:84511221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648116)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221130-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648116/; classtype:trojan-activity;sid:84511216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648117)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648117/; classtype:trojan-activity;sid:84511217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648114)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648114/; classtype:trojan-activity;sid:84511214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648112)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/history/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648112/; classtype:trojan-activity;sid:84511212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648111)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240717-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648111/; classtype:trojan-activity;sid:84511211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648107)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220715-064/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648107/; classtype:trojan-activity;sid:84511207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648108)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240525-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648108/; classtype:trojan-activity;sid:84511208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648109)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648109/; classtype:trojan-activity;sid:84511209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648110)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648110/; classtype:trojan-activity;sid:84511210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648105)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-054/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648105/; classtype:trojan-activity;sid:84511205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648103)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240329-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648103/; classtype:trojan-activity;sid:84511203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648099)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230310-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648099/; classtype:trojan-activity;sid:84511199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648100)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-042/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648100/; classtype:trojan-activity;sid:84511200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648097)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648097/; classtype:trojan-activity;sid:84511197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648090)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210909-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648090/; classtype:trojan-activity;sid:84511190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648088)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648088/; classtype:trojan-activity;sid:84511188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648084)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648084/; classtype:trojan-activity;sid:84511184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648086)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648086/; classtype:trojan-activity;sid:84511186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648082)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648082/; classtype:trojan-activity;sid:84511182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648083)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/help/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648083/; classtype:trojan-activity;sid:84511183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648081)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648081/; classtype:trojan-activity;sid:84511181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648074)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230826-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648074/; classtype:trojan-activity;sid:84511174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648076)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648076/; classtype:trojan-activity;sid:84511176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648070)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648070/; classtype:trojan-activity;sid:84511170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648071)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648071/; classtype:trojan-activity;sid:84511171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648068)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210907-038/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648068/; classtype:trojan-activity;sid:84511168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648065)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250721-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648065/; classtype:trojan-activity;sid:84511165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648066)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210103-001/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648066/; classtype:trojan-activity;sid:84511166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648067)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pbdll/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648067/; classtype:trojan-activity;sid:84511167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648060)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648060/; classtype:trojan-activity;sid:84511160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648061)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648061/; classtype:trojan-activity;sid:84511161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648058)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648058/; classtype:trojan-activity;sid:84511158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648059)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240828-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648059/; classtype:trojan-activity;sid:84511159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648054)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250208-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648054/; classtype:trojan-activity;sid:84511154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648056)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648056/; classtype:trojan-activity;sid:84511156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648051)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648051/; classtype:trojan-activity;sid:84511151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648053)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/dist/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648053/; classtype:trojan-activity;sid:84511153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648049)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250410-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648049/; classtype:trojan-activity;sid:84511149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648041)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/aspjpeg_setup/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648041/; classtype:trojan-activity;sid:84511141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648042)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648042/; classtype:trojan-activity;sid:84511142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648043)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250308-120/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648043/; classtype:trojan-activity;sid:84511143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648045)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648045/; classtype:trojan-activity;sid:84511145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648046)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648046/; classtype:trojan-activity;sid:84511146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648047)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240807-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648047/; classtype:trojan-activity;sid:84511147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648039)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648039/; classtype:trojan-activity;sid:84511139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648037)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648037/; classtype:trojan-activity;sid:84511137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648035)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250701-032/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648035/; classtype:trojan-activity;sid:84511135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648036)"; flow:established,from_client; content:"GET"; http_method; content:"/update/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648036/; classtype:trojan-activity;sid:84511136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648032)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648032/; classtype:trojan-activity;sid:84511132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648027)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241114-115/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648027/; classtype:trojan-activity;sid:84511127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648028)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648028/; classtype:trojan-activity;sid:84511128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648026)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220419-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648026/; classtype:trojan-activity;sid:84511126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648023)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648023/; classtype:trojan-activity;sid:84511123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648024)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241031-080/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648024/; classtype:trojan-activity;sid:84511124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648022)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648022/; classtype:trojan-activity;sid:84511122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648017)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648017/; classtype:trojan-activity;sid:84511117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648018)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/notanalyze/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648018/; classtype:trojan-activity;sid:84511118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648020)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240131-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648020/; classtype:trojan-activity;sid:84511120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648021)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648021/; classtype:trojan-activity;sid:84511121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648012)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648012/; classtype:trojan-activity;sid:84511112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648013)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648013/; classtype:trojan-activity;sid:84511113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648014)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648014/; classtype:trojan-activity;sid:84511114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648015)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648015/; classtype:trojan-activity;sid:84511115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648006)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230818-065/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648006/; classtype:trojan-activity;sid:84511106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648009)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648009/; classtype:trojan-activity;sid:84511109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648010)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241230-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648010/; classtype:trojan-activity;sid:84511110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648002)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250630-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648002/; classtype:trojan-activity;sid:84511102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648003)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648003/; classtype:trojan-activity;sid:84511103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648000)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648000/; classtype:trojan-activity;sid:84511100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648001)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648001/; classtype:trojan-activity;sid:84511101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647996)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/js/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647996/; classtype:trojan-activity;sid:84511096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647997)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647997/; classtype:trojan-activity;sid:84511097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647998)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647998/; classtype:trojan-activity;sid:84511098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647990)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-048/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647990/; classtype:trojan-activity;sid:84511090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647987)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220223-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647987/; classtype:trojan-activity;sid:84511087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647985)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647985/; classtype:trojan-activity;sid:84511085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647986)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250416-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647986/; classtype:trojan-activity;sid:84511086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647983)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647983/; classtype:trojan-activity;sid:84511083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647980)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230909-008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647980/; classtype:trojan-activity;sid:84511080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647977)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240127-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647977/; classtype:trojan-activity;sid:84511077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647978)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647978/; classtype:trojan-activity;sid:84511078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647979)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647979/; classtype:trojan-activity;sid:84511079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647971)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221015-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647971/; classtype:trojan-activity;sid:84511071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647972)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647972/; classtype:trojan-activity;sid:84511072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647973)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210820-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647973/; classtype:trojan-activity;sid:84511073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647974)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230526-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647974/; classtype:trojan-activity;sid:84511074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647975)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230307-014/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647975/; classtype:trojan-activity;sid:84511075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647976)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647976/; classtype:trojan-activity;sid:84511076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647968)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-059/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647968/; classtype:trojan-activity;sid:84511068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647966)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-045/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647966/; classtype:trojan-activity;sid:84511066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647967)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-046/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647967/; classtype:trojan-activity;sid:84511067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647965)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220729-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647965/; classtype:trojan-activity;sid:84511065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647964)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240827-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647964/; classtype:trojan-activity;sid:84511064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647963)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.84.41.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647963/; classtype:trojan-activity;sid:84511063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647957)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0606/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647957/; classtype:trojan-activity;sid:84511057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647958)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211021-034/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647958/; classtype:trojan-activity;sid:84511058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647959)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250724-113/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647959/; classtype:trojan-activity;sid:84511059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647960)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647960/; classtype:trojan-activity;sid:84511060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647961)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647961/; classtype:trojan-activity;sid:84511061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647951)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210726-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647951/; classtype:trojan-activity;sid:84511051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647952)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210720-027/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647952/; classtype:trojan-activity;sid:84511052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647953)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241105-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647953/; classtype:trojan-activity;sid:84511053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647954)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240328-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647954/; classtype:trojan-activity;sid:84511054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647948)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647948/; classtype:trojan-activity;sid:84511048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647949)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/sqlfull_chs/ia64/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647949/; classtype:trojan-activity;sid:84511049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647945)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647945/; classtype:trojan-activity;sid:84511045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647947)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/js/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647947/; classtype:trojan-activity;sid:84511047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647944)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/symantec/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647944/; classtype:trojan-activity;sid:84511044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647938)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220917-046/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647938/; classtype:trojan-activity;sid:84511038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647939)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647939/; classtype:trojan-activity;sid:84511039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647934)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0900/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647934/; classtype:trojan-activity;sid:84511034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647935)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220114-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647935/; classtype:trojan-activity;sid:84511035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647936)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240308-027/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647936/; classtype:trojan-activity;sid:84511036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647932)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647932/; classtype:trojan-activity;sid:84511032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647933)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210703-016/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647933/; classtype:trojan-activity;sid:84511033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647930)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647930/; classtype:trojan-activity;sid:84511030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647929)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647929/; classtype:trojan-activity;sid:84511029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647924)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-015/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647924/; classtype:trojan-activity;sid:84511024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647925)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647925/; classtype:trojan-activity;sid:84511025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647921)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/cpbz/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647921/; classtype:trojan-activity;sid:84511021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647923)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647923/; classtype:trojan-activity;sid:84511023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647914)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241106-151/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647914/; classtype:trojan-activity;sid:84511014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647916)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/css/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647916/; classtype:trojan-activity;sid:84511016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647917)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211224-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647917/; classtype:trojan-activity;sid:84511017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647918)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250625-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647918/; classtype:trojan-activity;sid:84511018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647913)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250212-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647913/; classtype:trojan-activity;sid:84511013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647910)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/pic/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647910/; classtype:trojan-activity;sid:84511010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647911)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-090/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647911/; classtype:trojan-activity;sid:84511011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647909)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-075/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647909/; classtype:trojan-activity;sid:84511009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647908)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230817-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647908/; classtype:trojan-activity;sid:84511008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647905)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250429-119/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647905/; classtype:trojan-activity;sid:84511005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647906)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250219-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647906/; classtype:trojan-activity;sid:84511006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647901)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210817-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647901/; classtype:trojan-activity;sid:84511001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647902)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647902/; classtype:trojan-activity;sid:84511002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647904)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221227-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647904/; classtype:trojan-activity;sid:84511004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647898)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250315-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647898/; classtype:trojan-activity;sid:84510998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647899)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210706-066/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647899/; classtype:trojan-activity;sid:84510999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647894)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210807-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647894/; classtype:trojan-activity;sid:84510994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647895)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647895/; classtype:trojan-activity;sid:84510995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647887)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240919-102/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647887/; classtype:trojan-activity;sid:84510987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647888)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211230-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647888/; classtype:trojan-activity;sid:84510988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647890)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210910-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647890/; classtype:trojan-activity;sid:84510990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647891)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647891/; classtype:trojan-activity;sid:84510991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647892)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647892/; classtype:trojan-activity;sid:84510992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647883)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647883/; classtype:trojan-activity;sid:84510983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647884)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210804-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647884/; classtype:trojan-activity;sid:84510984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647885)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647885/; classtype:trojan-activity;sid:84510985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647886)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210810-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647886/; classtype:trojan-activity;sid:84510986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647878)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647878/; classtype:trojan-activity;sid:84510978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647874)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210816-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647874/; classtype:trojan-activity;sid:84510974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647875)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-029/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647875/; classtype:trojan-activity;sid:84510975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647872)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250214-089/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647872/; classtype:trojan-activity;sid:84510972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647873)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210723-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647873/; classtype:trojan-activity;sid:84510973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647870)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220618-010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647870/; classtype:trojan-activity;sid:84510970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647871)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230403-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647871/; classtype:trojan-activity;sid:84510971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647865)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240711-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647865/; classtype:trojan-activity;sid:84510965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647867)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241008-082/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647867/; classtype:trojan-activity;sid:84510967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647868)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647868/; classtype:trojan-activity;sid:84510968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647859)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-057/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647859/; classtype:trojan-activity;sid:84510959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647860)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647860/; classtype:trojan-activity;sid:84510960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647862)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647862/; classtype:trojan-activity;sid:84510962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647857)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647857/; classtype:trojan-activity;sid:84510957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647854)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230607-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647854/; classtype:trojan-activity;sid:84510954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647855)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210607-069/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647855/; classtype:trojan-activity;sid:84510955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647852)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647852/; classtype:trojan-activity;sid:84510952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647847)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250110-100/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647847/; classtype:trojan-activity;sid:84510947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647848)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw60/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647848/; classtype:trojan-activity;sid:84510948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647849)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231120-099/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647849/; classtype:trojan-activity;sid:84510949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647850)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210729-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647850/; classtype:trojan-activity;sid:84510950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647846)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647846/; classtype:trojan-activity;sid:84510946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647839)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647839/; classtype:trojan-activity;sid:84510939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647841)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647841/; classtype:trojan-activity;sid:84510941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647843)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240912-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647843/; classtype:trojan-activity;sid:84510943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647844)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230406-086/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647844/; classtype:trojan-activity;sid:84510944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647845)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230424-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647845/; classtype:trojan-activity;sid:84510945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647836)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pdffactory_pro_setup/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647836/; classtype:trojan-activity;sid:84510936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647832)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647832/; classtype:trojan-activity;sid:84510932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647833)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240708-067/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647833/; classtype:trojan-activity;sid:84510933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647826)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/raj%20sir/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647826/; classtype:trojan-activity;sid:84510926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647827)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250604-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647827/; classtype:trojan-activity;sid:84510927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647828)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220210-142/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647828/; classtype:trojan-activity;sid:84510928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647829)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-020/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647829/; classtype:trojan-activity;sid:84510929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647830)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-070/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647830/; classtype:trojan-activity;sid:84510930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647831)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250626-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647831/; classtype:trojan-activity;sid:84510931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647823)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230918-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647823/; classtype:trojan-activity;sid:84510923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647824)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240417-165/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647824/; classtype:trojan-activity;sid:84510924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647816)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250104-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647816/; classtype:trojan-activity;sid:84510916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647817)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221213-037/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647817/; classtype:trojan-activity;sid:84510917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647815)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221110-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647815/; classtype:trojan-activity;sid:84510915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647812)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240619-028/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647812/; classtype:trojan-activity;sid:84510912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647813)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647813/; classtype:trojan-activity;sid:84510913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647806)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-036/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647806/; classtype:trojan-activity;sid:84510906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647808)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647808/; classtype:trojan-activity;sid:84510908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647803)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647803/; classtype:trojan-activity;sid:84510903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647805)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240617-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647805/; classtype:trojan-activity;sid:84510905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647799)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647799/; classtype:trojan-activity;sid:84510899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647800)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250628-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647800/; classtype:trojan-activity;sid:84510900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647801)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647801/; classtype:trojan-activity;sid:84510901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647802)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647802/; classtype:trojan-activity;sid:84510902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647795)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250211-096/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647795/; classtype:trojan-activity;sid:84510895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647798)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647798/; classtype:trojan-activity;sid:84510898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647792)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230414-050/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647792/; classtype:trojan-activity;sid:84510892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647790)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210724-033/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647790/; classtype:trojan-activity;sid:84510890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647791)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1100_beta1/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647791/; classtype:trojan-activity;sid:84510891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647787)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220824-006/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647787/; classtype:trojan-activity;sid:84510887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647788)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647788/; classtype:trojan-activity;sid:84510888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647786)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210624-084/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647786/; classtype:trojan-activity;sid:84510886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647782)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211112-030/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647782/; classtype:trojan-activity;sid:84510882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647783)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250328-154/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647783/; classtype:trojan-activity;sid:84510883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647780)"; flow:established,from_client; content:"GET"; http_method; content:"/update/%e8%a5%bf%e7%be%8e%e5%8d%b0%e5%88%b7%e7%94%9f%e4%ba%a7%e4%bb%93%e5%ba%93%e7%b3%bb%e7%bb%9f/update/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647780/; classtype:trojan-activity;sid:84510880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647781)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210529-031/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647781/; classtype:trojan-activity;sid:84510881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647777)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210814-005/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647777/; classtype:trojan-activity;sid:84510877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647778)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231213-078/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647778/; classtype:trojan-activity;sid:84510878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647779)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tx/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647779/; classtype:trojan-activity;sid:84510879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647772)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220825-055/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647772/; classtype:trojan-activity;sid:84510872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647773)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241123-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647773/; classtype:trojan-activity;sid:84510873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647776)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-017/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647776/; classtype:trojan-activity;sid:84510876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647771)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230503-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647771/; classtype:trojan-activity;sid:84510871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647769)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647769/; classtype:trojan-activity;sid:84510869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647765)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240903-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647765/; classtype:trojan-activity;sid:84510865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647767)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231110-108/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647767/; classtype:trojan-activity;sid:84510867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647760)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/images/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647760/; classtype:trojan-activity;sid:84510860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647762)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241219-043/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647762/; classtype:trojan-activity;sid:84510862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647755)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-013/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647755/; classtype:trojan-activity;sid:84510855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647757)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210809-047/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647757/; classtype:trojan-activity;sid:84510857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647758)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240726-073/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647758/; classtype:trojan-activity;sid:84510858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647750)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211201-059/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647750/; classtype:trojan-activity;sid:84510850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647751)"; flow:established,from_client; content:"GET"; http_method; content:"/dddrupdate/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647751/; classtype:trojan-activity;sid:84510851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647753)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/ylcgd/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647753/; classtype:trojan-activity;sid:84510853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647749)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/goods/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647749/; classtype:trojan-activity;sid:84510849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647744)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647744/; classtype:trojan-activity;sid:84510844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647745)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220117-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647745/; classtype:trojan-activity;sid:84510845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647746)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647746/; classtype:trojan-activity;sid:84510846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647743)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240701-062/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647743/; classtype:trojan-activity;sid:84510843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647740)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-035/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647740/; classtype:trojan-activity;sid:84510840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647738)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250305-083/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647738/; classtype:trojan-activity;sid:84510838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647739)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647739/; classtype:trojan-activity;sid:84510839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647736)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw90/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647736/; classtype:trojan-activity;sid:84510836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647730)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/charter%20parties/main%20body/main%20body/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647730/; classtype:trojan-activity;sid:84510830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647732)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-051/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647732/; classtype:trojan-activity;sid:84510832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647729)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240224-074/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647729/; classtype:trojan-activity;sid:84510829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647723)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/bookmark/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647723/; classtype:trojan-activity;sid:84510823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647724)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw70/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647724/; classtype:trojan-activity;sid:84510824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647722)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-072/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647722/; classtype:trojan-activity;sid:84510822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647720)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220224-016/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647720/; classtype:trojan-activity;sid:84510820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647721)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211228-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647721/; classtype:trojan-activity;sid:84510821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647719)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/src/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647719/; classtype:trojan-activity;sid:84510819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647715)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647715/; classtype:trojan-activity;sid:84510815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647709)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240803-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647709/; classtype:trojan-activity;sid:84510809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647707)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220125-007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647707/; classtype:trojan-activity;sid:84510807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647701)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240521-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647701/; classtype:trojan-activity;sid:84510801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647703)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240907-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647703/; classtype:trojan-activity;sid:84510803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647704)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647704/; classtype:trojan-activity;sid:84510804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647705)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221207-040/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647705/; classtype:trojan-activity;sid:84510805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647698)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/images/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647698/; classtype:trojan-activity;sid:84510798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647697)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240523-018/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647697/; classtype:trojan-activity;sid:84510797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647694)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231026-003/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647694/; classtype:trojan-activity;sid:84510794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647695)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230728-087/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647695/; classtype:trojan-activity;sid:84510795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647692)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220421-042/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647692/; classtype:trojan-activity;sid:84510792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647687)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647687/; classtype:trojan-activity;sid:84510787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647686)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240315-095/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647686/; classtype:trojan-activity;sid:84510786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647677)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240413-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647677/; classtype:trojan-activity;sid:84510777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647678)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211206-052/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647678/; classtype:trojan-activity;sid:84510778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647673)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210813-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647673/; classtype:trojan-activity;sid:84510773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647675)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1150/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647675/; classtype:trojan-activity;sid:84510775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647669)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647669/; classtype:trojan-activity;sid:84510769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647670)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211005-031/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647670/; classtype:trojan-activity;sid:84510770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647671)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210629-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647671/; classtype:trojan-activity;sid:84510771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647672)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250621-084/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647672/; classtype:trojan-activity;sid:84510772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647667)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647667/; classtype:trojan-activity;sid:84510767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647663)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220423-022/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647663/; classtype:trojan-activity;sid:84510763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647662)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250715-023/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647662/; classtype:trojan-activity;sid:84510762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647659)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/230629-126/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647659/; classtype:trojan-activity;sid:84510759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647660)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220913-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647660/; classtype:trojan-activity;sid:84510760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647661)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-002/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647661/; classtype:trojan-activity;sid:84510761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647651)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211125-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647651/; classtype:trojan-activity;sid:84510751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647652)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211030-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647652/; classtype:trojan-activity;sid:84510752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647653)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-056/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647653/; classtype:trojan-activity;sid:84510753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647654)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-034/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647654/; classtype:trojan-activity;sid:84510754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647655)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/sail%20performa%20jan11/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647655/; classtype:trojan-activity;sid:84510755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647656)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240830-004/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647656/; classtype:trojan-activity;sid:84510756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647657)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220427-069/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647657/; classtype:trojan-activity;sid:84510757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647647)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250111-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647647/; classtype:trojan-activity;sid:84510747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647648)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241130-012/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647648/; classtype:trojan-activity;sid:84510748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647644)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-026/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647644/; classtype:trojan-activity;sid:84510744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647646)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211202-019/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647646/; classtype:trojan-activity;sid:84510746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647639)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647639/; classtype:trojan-activity;sid:84510739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647640)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw0700/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647640/; classtype:trojan-activity;sid:84510740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647637)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250516-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647637/; classtype:trojan-activity;sid:84510737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647629)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647629/; classtype:trojan-activity;sid:84510729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647630)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/cache/1.8933demo/177278d1757f/41dae12595c9/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647630/; classtype:trojan-activity;sid:84510730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647631)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240618-124/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647631/; classtype:trojan-activity;sid:84510731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647632)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210728-058/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647632/; classtype:trojan-activity;sid:84510732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647633)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210727-041/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647633/; classtype:trojan-activity;sid:84510733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647634)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1200/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647634/; classtype:trojan-activity;sid:84510734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647636)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/shudedw/pdw1000/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647636/; classtype:trojan-activity;sid:84510736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647624)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%b8%b8%e7%94%a8%e8%bd%af%e4%bb%b6/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647624/; classtype:trojan-activity;sid:84510724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647626)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/images/famen/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647626/; classtype:trojan-activity;sid:84510726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647627)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-076/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647627/; classtype:trojan-activity;sid:84510727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647621)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211008-021/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647621/; classtype:trojan-activity;sid:84510721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647622)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241113-091/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647622/; classtype:trojan-activity;sid:84510722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647620)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220929-056/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647620/; classtype:trojan-activity;sid:84510720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647614)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250301-019/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647614/; classtype:trojan-activity;sid:84510714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647615)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-023/document/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647615/; classtype:trojan-activity;sid:84510715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647616)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241029-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647616/; classtype:trojan-activity;sid:84510716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647618)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210721-001/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647618/; classtype:trojan-activity;sid:84510718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647613)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210730-024/images/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647613/; classtype:trojan-activity;sid:84510713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647608)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210923-026/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647608/; classtype:trojan-activity;sid:84510708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647609)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/undw/undw80/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647609/; classtype:trojan-activity;sid:84510709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647610)"; flow:established,from_client; content:"GET"; http_method; content:"/update%20-%20%e5%89%af%e6%9c%ac/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647610/; classtype:trojan-activity;sid:84510710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647606)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250603-130/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647606/; classtype:trojan-activity;sid:84510706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647607)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210731-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647607/; classtype:trojan-activity;sid:84510707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647600)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/241112-002/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647600/; classtype:trojan-activity;sid:84510700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647601)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210805-049/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647601/; classtype:trojan-activity;sid:84510701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647602)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-020/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647602/; classtype:trojan-activity;sid:84510702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647599)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221209-001/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647599/; classtype:trojan-activity;sid:84510699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647595)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/210722-024/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647595/; classtype:trojan-activity;sid:84510695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647596)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240722-081/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647596/; classtype:trojan-activity;sid:84510696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647597)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pb%e5%8f%8d%e7%bc%96%e8%af%91%e5%b7%a5%e5%85%b7/shudepb/language/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647597/; classtype:trojan-activity;sid:84510697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647589)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240831-053/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647589/; classtype:trojan-activity;sid:84510689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647591)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240913-107/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647591/; classtype:trojan-activity;sid:84510691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647592)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250726-060/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647592/; classtype:trojan-activity;sid:84510692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647582)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/wjgl/otherup/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647582/; classtype:trojan-activity;sid:84510682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647584)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211110-006/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647584/; classtype:trojan-activity;sid:84510684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647586)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/231016-103/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647586/; classtype:trojan-activity;sid:84510686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647587)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sbillno/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647587/; classtype:trojan-activity;sid:84510687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647579)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/250718-044/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647579/; classtype:trojan-activity;sid:84510679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647577)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/211208-061/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647577/; classtype:trojan-activity;sid:84510677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647571)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/221125-039/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647571/; classtype:trojan-activity;sid:84510671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647574)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/240531-121/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647574/; classtype:trojan-activity;sid:84510674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647575)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/file/sorder/220406-025/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647575/; classtype:trojan-activity;sid:84510675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647570)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/tpcl/dist/js/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647570/; classtype:trojan-activity;sid:84510670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647522)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.103.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647522/; classtype:trojan-activity;sid:84510622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647521)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.255.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647521/; classtype:trojan-activity;sid:84510621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647520)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.113.186.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647520/; classtype:trojan-activity;sid:84510620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647513/; classtype:trojan-activity;sid:84510613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.162.140.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647514/; classtype:trojan-activity;sid:84510614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.188.102.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647507/; classtype:trojan-activity;sid:84510607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.213.79.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647511/; classtype:trojan-activity;sid:84510611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647482/; classtype:trojan-activity;sid:84510582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647483/; classtype:trojan-activity;sid:84510583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647484/; classtype:trojan-activity;sid:84510584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647485/; classtype:trojan-activity;sid:84510585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647486/; classtype:trojan-activity;sid:84510586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647487/; classtype:trojan-activity;sid:84510587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647472/; classtype:trojan-activity;sid:84510572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647473/; classtype:trojan-activity;sid:84510573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647474/; classtype:trojan-activity;sid:84510574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647475/; classtype:trojan-activity;sid:84510575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647476/; classtype:trojan-activity;sid:84510576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647457)"; flow:established,from_client; content:"GET"; http_method; content:"/recipes/staging/a-89fb7017-7780-4b72-950d-c2db1146a34a.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"best10cdn.blob.core.windows.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647457/; classtype:trojan-activity;sid:84510557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646426)"; flow:established,from_client; content:"GET"; http_method; content:"/images/optimized_msi.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646426/; classtype:trojan-activity;sid:84509526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646414)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646414/; classtype:trojan-activity;sid:84509514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646420)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646420/; classtype:trojan-activity;sid:84509520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646403)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343h"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646403/; classtype:trojan-activity;sid:84509503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646408)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jqqvlru0vaih3z.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"toolshare.com.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646408/; classtype:trojan-activity;sid:84509508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646344/; classtype:trojan-activity;sid:84509444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.13.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646339/; classtype:trojan-activity;sid:84509439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646205/; classtype:trojan-activity;sid:84509305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3646089/; classtype:trojan-activity;sid:84509189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645969)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645969/; classtype:trojan-activity;sid:84509069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645970)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.scr"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645970/; classtype:trojan-activity;sid:84509070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645971)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645971/; classtype:trojan-activity;sid:84509071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645967)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645967/; classtype:trojan-activity;sid:84509067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645962)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645962/; classtype:trojan-activity;sid:84509062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645964)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645964/; classtype:trojan-activity;sid:84509064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645965)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645965/; classtype:trojan-activity;sid:84509065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645961)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645961/; classtype:trojan-activity;sid:84509061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645960)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645960/; classtype:trojan-activity;sid:84509060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645957)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645957/; classtype:trojan-activity;sid:84509057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645955)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645955/; classtype:trojan-activity;sid:84509055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645956)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645956/; classtype:trojan-activity;sid:84509056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645950)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.intelligradeeducation.vicentecisnerospub.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645950/; classtype:trojan-activity;sid:84509050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645889)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/neha%20imagecopy/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645889/; classtype:trojan-activity;sid:84508989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.185.26.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645874/; classtype:trojan-activity;sid:84508974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/wallpaper/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645854/; classtype:trojan-activity;sid:84508954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20music/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645847/; classtype:trojan-activity;sid:84508947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645832)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20scans/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645832/; classtype:trojan-activity;sid:84508932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645827)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645827/; classtype:trojan-activity;sid:84508927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645811)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/charter%20parties/riders/mv%20ulcas%20-%20riders_files/info.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645811/; classtype:trojan-activity;sid:84508911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645760)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/various%20files/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645760/; classtype:trojan-activity;sid:84508860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645751)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/charter%20party/info.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645751/; classtype:trojan-activity;sid:84508851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645748)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/mv.shou%20chang%20hai_wamopl_130907_034/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645748/; classtype:trojan-activity;sid:84508848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645728)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/mv.shou%20chang%20hai_wamopl_130907_034/charter%20parties/main%20body/info.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645728/; classtype:trojan-activity;sid:84508828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645677)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/bhushan/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645677/; classtype:trojan-activity;sid:84508777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645674)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_ssoe_050607_020/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645674/; classtype:trojan-activity;sid:84508774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645652)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.port%20melbourne_ispat_221107_050/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645652/; classtype:trojan-activity;sid:84508752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645648)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20primrose_wamspl_041009_044/charter%20parties/riders/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645648/; classtype:trojan-activity;sid:84508748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645646)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20crown_bilgent_040209_006/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645646/; classtype:trojan-activity;sid:84508746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645639)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.captain%20george%20ii_ispat_161107_049/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645639/; classtype:trojan-activity;sid:84508739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645635)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20kanpur_noble_080110_001/charter%20parties/riders/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645635/; classtype:trojan-activity;sid:84508735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645600)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/powershell/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645600/; classtype:trojan-activity;sid:84508700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645601)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20rajeshwari_stxpanocean_040209_007/reacp-fixture%20note/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645601/; classtype:trojan-activity;sid:84508701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645586)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iron%20man_jaldhi_080809_035/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645586/; classtype:trojan-activity;sid:84508686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645572)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20frontier%20angel_eta_201108/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645572/; classtype:trojan-activity;sid:84508672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645569)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645569/; classtype:trojan-activity;sid:84508669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645565)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_16/recap-fixture%20notes/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645565/; classtype:trojan-activity;sid:84508665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645516)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/deepak/my%20docs/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645516/; classtype:trojan-activity;sid:84508616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645515)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/market%20report/market%20report%20dtd%207%20nov%202008/info.zip"; http_uri; depth:152; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645515/; classtype:trojan-activity;sid:84508615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645468)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_jki_160707_027/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645468/; classtype:trojan-activity;sid:84508568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645460)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2011/september/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645460/; classtype:trojan-activity;sid:84508560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645428)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs%20_311007_044/recap-fixture%20notes/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645428/; classtype:trojan-activity;sid:84508528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645429)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_ncs_151007_040/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645429/; classtype:trojan-activity;sid:84508529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645417)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20cemtex%20orient_kispl_311208_038/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645417/; classtype:trojan-activity;sid:84508517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645401)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20kang%20yao_jaldhi_220109_003/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645401/; classtype:trojan-activity;sid:84508501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645386)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20rishikesh_nob_010409_011/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645386/; classtype:trojan-activity;sid:84508486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645382)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20magic_jaldhi_210110_007/charter%20parties/riders/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645382/; classtype:trojan-activity;sid:84508482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645341)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645341/; classtype:trojan-activity;sid:84508441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645332)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20lok%20maheshwari_nob_050908_027/recap-fixture%20note/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645332/; classtype:trojan-activity;sid:84508432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645335)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.falcon_ispat_050907_035/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645335/; classtype:trojan-activity;sid:84508435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645322)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/tai%20ping%20shan-phaethon-cp/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645322/; classtype:trojan-activity;sid:84508422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645315)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/crossbridge_unity%20coa%20dtd%209th%20feb%202010/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645315/; classtype:trojan-activity;sid:84508415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645248)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/vk%20jain/my%20webs/_vti_pvt/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645248/; classtype:trojan-activity;sid:84508348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645246)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20sanko%20king_bulkmarine_040209_013/charter%20parties/riders/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645246/; classtype:trojan-activity;sid:84508346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/cp%20transchart/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645234/; classtype:trojan-activity;sid:84508334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645219)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_nob_300808_026/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645219/; classtype:trojan-activity;sid:84508319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645220)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20four%20mogami_ispat_0160709_032/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645220/; classtype:trojan-activity;sid:84508320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645200)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/mv%20china%20trader_eta_020806_032/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645200/; classtype:trojan-activity;sid:84508300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645196)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20scorpio_ispat_261007_043/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645196/; classtype:trojan-activity;sid:84508296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645195)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20rishikesh_nob_010409_011/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645195/; classtype:trojan-activity;sid:84508295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645188)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devigloryi_seatrek_180509_022/riders/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645188/; classtype:trojan-activity;sid:84508288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645182)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20captain%20george%20ii_nedstar_151208_037/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645182/; classtype:trojan-activity;sid:84508282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645161)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devprayag_nob_230409_015/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645161/; classtype:trojan-activity;sid:84508261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645165)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_ispat_020607_019/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645165/; classtype:trojan-activity;sid:84508265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645148)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.apj%20jad_noble_230408_010/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645148/; classtype:trojan-activity;sid:84508248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645145)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%201_nob_240707_028/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645145/; classtype:trojan-activity;sid:84508245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645139)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645139/; classtype:trojan-activity;sid:84508239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645120)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/charter%20parties/vsssl%20descrp/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645120/; classtype:trojan-activity;sid:84508220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645108)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_noble_030408_007/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645108/; classtype:trojan-activity;sid:84508208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645099)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20kanpur_trimex_061108_034/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645099/; classtype:trojan-activity;sid:84508199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645094)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.gem%20of%20kilakarai_ispat_051007_038/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645094/; classtype:trojan-activity;sid:84508194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645096)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goa_china%20national_140110_004/recap-fixture%20note/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645096/; classtype:trojan-activity;sid:84508196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645083)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_ncs_030108_001/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645083/; classtype:trojan-activity;sid:84508183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645065)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20vancouver%20victory_jaldhi_300109_005/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645065/; classtype:trojan-activity;sid:84508165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645055)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_ispat_300607_024/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645055/; classtype:trojan-activity;sid:84508155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645048)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20goa_china%20national_140110_004/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645048/; classtype:trojan-activity;sid:84508148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645030)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20tide_ispat_080709_027/charter%20parties/riders/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645030/; classtype:trojan-activity;sid:84508130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645031)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20moonvazs_hct_090908_028/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645031/; classtype:trojan-activity;sid:84508131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645013)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20devprayag_nob_230409_015/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645013/; classtype:trojan-activity;sid:84508113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645004)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/mv%20china%20trader_eta_020806_032/charter%20parties/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645004/; classtype:trojan-activity;sid:84508104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644990)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.dubai%20energy_noble_100508_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644990/; classtype:trojan-activity;sid:84508090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644992)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644992/; classtype:trojan-activity;sid:84508092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644989)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_040808_023/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644989/; classtype:trojan-activity;sid:84508089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644985)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_ncs_151007_040/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644985/; classtype:trojan-activity;sid:84508085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644978)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20major_jaldhi_210909_040/charter%20parties/riders/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644978/; classtype:trojan-activity;sid:84508078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644951)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20alaknanda_nob_140509_019/charter%20parties/riders/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644951/; classtype:trojan-activity;sid:84508051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644938)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv.ocean%20crown_wbc_100209_008/charter%20parties/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644938/; classtype:trojan-activity;sid:84508038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644920)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20murshidabad_nob_041108%20_033/recap-fixture%20note/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644920/; classtype:trojan-activity;sid:84508020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644921)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20varanasi_noble_160310_013/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644921/; classtype:trojan-activity;sid:84508021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644914)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20kais_noble_090709_028/charter%20parties/riders/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644914/; classtype:trojan-activity;sid:84508014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644882)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20pataliputra_nob_100309_010/recap-fixture%20note/info.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644882/; classtype:trojan-activity;sid:84507982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644849)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.st.paul_nsi_211107_053/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644849/; classtype:trojan-activity;sid:84507949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644839)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.mp%20panamax%202_nob_120707_026/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644839/; classtype:trojan-activity;sid:84507939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644816)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20devprayag_nob_201008_032/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644816/; classtype:trojan-activity;sid:84507916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644804)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_ncs_291107_051/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644804/; classtype:trojan-activity;sid:84507904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644805)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644805/; classtype:trojan-activity;sid:84507905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644784)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644784/; classtype:trojan-activity;sid:84507884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644756)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20bao%20success_ispahia_161109_047/charter%20parties/riders/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644756/; classtype:trojan-activity;sid:84507856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644736)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.christos_eta_180607_021/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644736/; classtype:trojan-activity;sid:84507836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644707)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.jbu%20orient_ispat_121107_047/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644707/; classtype:trojan-activity;sid:84507807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644700)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yk%20sentosa_noble_230109_004/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644700/; classtype:trojan-activity;sid:84507800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644696)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.blue%20coral_bcm_010607_018/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644696/; classtype:trojan-activity;sid:84507796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644683)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/noor%20enterprise_unity%20cp%20dtd%2015th%20apr%202010/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644683/; classtype:trojan-activity;sid:84507783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644684)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv.ocean%20crown_wbc_100209_008/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644684/; classtype:trojan-activity;sid:84507784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644678)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.devprayag_noble_180408_009/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644678/; classtype:trojan-activity;sid:84507778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644676)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_160709_031/rider%20clauses/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644676/; classtype:trojan-activity;sid:84507776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644667)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20pratap_hct_230609_025/reacp-fixture%20note/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644667/; classtype:trojan-activity;sid:84507767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644663)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_sinoway_290110_009/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644663/; classtype:trojan-activity;sid:84507763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644625)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644625/; classtype:trojan-activity;sid:84507725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644620)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/charter%20parties/main%20body/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644620/; classtype:trojan-activity;sid:84507720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644621)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/transchart/my%20webs/_vti_pvt/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644621/; classtype:trojan-activity;sid:84507721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644615)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.star%20canopus_allocean_261007_042/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644615/; classtype:trojan-activity;sid:84507715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644602)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.port%20mouton_ispat_080408_008/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644602/; classtype:trojan-activity;sid:84507702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644600)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644600/; classtype:trojan-activity;sid:84507700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644579)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ocean%20crown_wbc_100209_008/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644579/; classtype:trojan-activity;sid:84507679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644567)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2012/september/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644567/; classtype:trojan-activity;sid:84507667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644540)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_eta_aplspore_111008/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644540/; classtype:trojan-activity;sid:84507640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644534)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20gem%20of%20haldia_noble_191109_048/charter%20parties/riders/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644534/; classtype:trojan-activity;sid:84507634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644522)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lietta_crossbridge_121109_046/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644522/; classtype:trojan-activity;sid:84507622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644521)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.joviality_wamopl_220208_004/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644521/; classtype:trojan-activity;sid:84507621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644505)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs%20_311007_044/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644505/; classtype:trojan-activity;sid:84507605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644506)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20mihika_refined%20sucess_270407_015/recap-fixture%20notes/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644506/; classtype:trojan-activity;sid:84507606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644492)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.talisman_ispat_230508_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644492/; classtype:trojan-activity;sid:84507592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644486)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/mv.shou%20chang%20hai_wamopl_130907_034/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644486/; classtype:trojan-activity;sid:84507586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644445)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_jki_101007_039/recap-fixture%20notes/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644445/; classtype:trojan-activity;sid:84507545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644420)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.murshidabad_noble_250408_012/recap-fixture%20notes/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644420/; classtype:trojan-activity;sid:84507520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644415)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv.ocean%20crown_wbc_100209_008/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644415/; classtype:trojan-activity;sid:84507515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644403)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_nob_210507_017/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644403/; classtype:trojan-activity;sid:84507503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644404)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20alaknanda_nob_140509_019/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644404/; classtype:trojan-activity;sid:84507504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644388)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.apj%20jad_nob_300807_032/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644388/; classtype:trojan-activity;sid:84507488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644373)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/recap-fixture%20notes/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644373/; classtype:trojan-activity;sid:84507473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644375)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jbu%20orient_bulk%20marine_170609_024/charter%20parties/riders/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644375/; classtype:trojan-activity;sid:84507475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644364)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20super%20star_prime%20east_171209_051/charter%20parties/riders/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644364/; classtype:trojan-activity;sid:84507464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644352)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20gem%20of%20kilakarai_uniwell_300310_015/charter%20parties/riders/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644352/; classtype:trojan-activity;sid:84507452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644345)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20energy_ispat_010409_012/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644345/; classtype:trojan-activity;sid:84507445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644339)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644339/; classtype:trojan-activity;sid:84507439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644337)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20yangtze%20river_wamopl_161007_041/charter%20parties/riders/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644337/; classtype:trojan-activity;sid:84507437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644319)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_151009_044/rider%20clauses/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644319/; classtype:trojan-activity;sid:84507419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644316)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/charter%20parties/info.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644316/; classtype:trojan-activity;sid:84507416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644311)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20pataliputra_noble_290808_025/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644311/; classtype:trojan-activity;sid:84507411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644299)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.m.p.panamax%201_nob_301107_052/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644299/; classtype:trojan-activity;sid:84507399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644279)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_nob_310707_029/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644279/; classtype:trojan-activity;sid:84507379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644272)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_nedstar_101108_035/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644272/; classtype:trojan-activity;sid:84507372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644263)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20knight_noble_210607_022/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644263/; classtype:trojan-activity;sid:84507363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644250)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20serasih_primeeast_091009_043/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644250/; classtype:trojan-activity;sid:84507350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/sci_nob_260107_003/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644234/; classtype:trojan-activity;sid:84507334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644222)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_ncs_291107_051/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644222/; classtype:trojan-activity;sid:84507322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644219)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_ssoe_090110_003/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644219/; classtype:trojan-activity;sid:84507319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644209)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644209/; classtype:trojan-activity;sid:84507309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644177)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20spar%20lynx_bspl_021107_045/charter%20parties/riders/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644177/; classtype:trojan-activity;sid:84507277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644160)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20ulcas_jaldhi_240409_016/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644160/; classtype:trojan-activity;sid:84507260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20desert%20hawk_nedstar_101108_035/recap-fixture%20note/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644147/; classtype:trojan-activity;sid:84507247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644135)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20murshidabad_nob_041108%20_033/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644135/; classtype:trojan-activity;sid:84507235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644136)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20rishikesh_ncs_291107_051/charter%20parties/riders/info.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644136/; classtype:trojan-activity;sid:84507236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644118)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/noor%20enterprise_unity%20cp%20dtd%2015th%20apr%202010/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644118/; classtype:trojan-activity;sid:84507218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644085)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20varanasi_noble_160310_013/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644085/; classtype:trojan-activity;sid:84507185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644077)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20zsq%20star_spartan_071309_029/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644077/; classtype:trojan-activity;sid:84507177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644072)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20woodstar_stxpanocean_091209_050/charter%20parties/riders/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644072/; classtype:trojan-activity;sid:84507172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644064)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown%20_%20ispat_250907_036/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644064/; classtype:trojan-activity;sid:84507164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644060)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_016/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644060/; classtype:trojan-activity;sid:84507160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644056)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/market%20report/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644056/; classtype:trojan-activity;sid:84507156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644053)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.rishikesh_nob_210507_017/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644053/; classtype:trojan-activity;sid:84507153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644039)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20teo_eta_050310_012/charter%20parties/riders/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644039/; classtype:trojan-activity;sid:84507139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644033)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20rajeshwari_stxpanocean_040209_007/charter%20parties/riders/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644033/; classtype:trojan-activity;sid:84507133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644019)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.fratzis%20star_eta_230108_002/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644019/; classtype:trojan-activity;sid:84507119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643992)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jiu%20hua%20hai_ispat_250509_022/charter%20parties/riders/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643992/; classtype:trojan-activity;sid:84507092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643987)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.goldmar_ssoe_230508_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643987/; classtype:trojan-activity;sid:84507087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643950)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.yangtze%20river_wamopl_161007_041/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643950/; classtype:trojan-activity;sid:84507050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643954)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_ncs_110908_029/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643954/; classtype:trojan-activity;sid:84507054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643941)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20galactic_ispat_241207_054/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643941/; classtype:trojan-activity;sid:84507041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643933)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bulk%20saturn_eta_141107_048/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643933/; classtype:trojan-activity;sid:84507033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643917)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.aranda%20colossus_ncs_230408_011/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643917/; classtype:trojan-activity;sid:84507017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643908)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_nob_310707_029/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643908/; classtype:trojan-activity;sid:84507008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643905)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20maritime%20alliance_jaldhi_310709_034/charter%20parties/riders/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643905/; classtype:trojan-activity;sid:84507005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643894)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/mv%20china%20trader_eta_020806_032/charter%20parties/main%20body/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643894/; classtype:trojan-activity;sid:84506994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643869)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20nantor_aht_190110_006/riders/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643869/; classtype:trojan-activity;sid:84506969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643855)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20mandarin%20fortune_wbc_160209_009/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643855/; classtype:trojan-activity;sid:84506955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643841)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20dubai%20knight_noble_220109_002/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643841/; classtype:trojan-activity;sid:84506941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643815)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20papillon_aquavita_230610_017/charter%20parties/riders/info.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643815/; classtype:trojan-activity;sid:84506915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643800)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20vba%20tbn_maheshwari_290710_018/recap-fixture%20note/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643800/; classtype:trojan-activity;sid:84506900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643771)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv.ocean%20crown_wbc_100209_008/charter%20parties/main%20body/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643771/; classtype:trojan-activity;sid:84506871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643772)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20fanoula_crossbridge_201109_049/charter%20parties/riders/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643772/; classtype:trojan-activity;sid:84506872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643766)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20karolina_jaldhi_260609_026/charter%20parties/riders/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643766/; classtype:trojan-activity;sid:84506866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643759)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20knight_ispat_091008_031/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643759/; classtype:trojan-activity;sid:84506859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643753)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.goldmar_ssoe_230508_001/recap-fixture%20notes/info.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643753/; classtype:trojan-activity;sid:84506853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643738)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.hardwar_ncs_020807_030/recap-fixture%20notes/info.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643738/; classtype:trojan-activity;sid:84506838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643740)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.marigold_seafreight_3000408_015/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643740/; classtype:trojan-activity;sid:84506840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643735)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/mv.shou%20chang%20hai_wamopl_130907_034/charter%20parties/info.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643735/; classtype:trojan-activity;sid:84506835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643730)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20hay_bulk%20marine_180808_024/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643730/; classtype:trojan-activity;sid:84506830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643686)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/krunal%20desk%20bkp%20210410/vsl%20dets%20isl/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643686/; classtype:trojan-activity;sid:84506786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643679)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20aranda%20colossus_nob_061008_030/market%20report/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643679/; classtype:trojan-activity;sid:84506779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643630)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20yasa%20ozcan_jaldhi_231009_045/charter%20parties/riders/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643630/; classtype:trojan-activity;sid:84506730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643613)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20devprayag_nob_201008_032/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643613/; classtype:trojan-activity;sid:84506713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643600)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20uttarkashi_ncs_151007_040/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643600/; classtype:trojan-activity;sid:84506700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643580)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20yuan%20shun%20hai_nedstar_180610_016/recap-fixture%20note/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643580/; classtype:trojan-activity;sid:84506680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643583)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_refined%20sucess_270407_015/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643583/; classtype:trojan-activity;sid:84506683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643551)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20kanpur_trimex_061108_034/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643551/; classtype:trojan-activity;sid:84506651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643525)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/eta/weather%20news/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643525/; classtype:trojan-activity;sid:84506625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643509)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20pataliputra_noble_290808_025/recap%20-%20fixture%20notes/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643509/; classtype:trojan-activity;sid:84506609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643510)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixture_reports/2013/march/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643510/; classtype:trojan-activity;sid:84506610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643477)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20apj%20suryavir_seafreight_080509_018/charter%20parties/riders/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643477/; classtype:trojan-activity;sid:84506577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643475)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202006/mv%20china%20trader_eta_020806_032/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643475/; classtype:trojan-activity;sid:84506575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643476)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20talisman_ispat_230508_019/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643476/; classtype:trojan-activity;sid:84506576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643471)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.dubai%20crown_ispat_300607_024/notices/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643471/; classtype:trojan-activity;sid:84506571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643426)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.alaknanda_nob_140208_003/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643426/; classtype:trojan-activity;sid:84506526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643424)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_nob_250208_005/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643424/; classtype:trojan-activity;sid:84506524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643418)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.evnia_wamopl_200308_006/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643418/; classtype:trojan-activity;sid:84506518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643416)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20voc%20progress_eta_290509_023/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643416/; classtype:trojan-activity;sid:84506516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643413)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.hardwar_ncs_020807_030/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643413/; classtype:trojan-activity;sid:84506513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643372)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20margrave_nedstar_190109_001/recap%20-%20fixture%20note/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643372/; classtype:trojan-activity;sid:84506472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643359)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.devprayag_noble_180408_009/recap-fixture%20notes/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643359/; classtype:trojan-activity;sid:84506459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643353)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20lok%20rajeshwari_noble_140110_005/charter%20parties/riders/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643353/; classtype:trojan-activity;sid:84506453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643331)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20dubai%20guardian_ispat_131108_036/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643331/; classtype:trojan-activity;sid:84506431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643329)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.bonasia_ispat_090707_025/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643329/; classtype:trojan-activity;sid:84506429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643318)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.gem%20of%20aqaba_daewoo_300408_013/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643318/; classtype:trojan-activity;sid:84506418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643295)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/noor%20enterprise_unity%20cp%20dtd%2015th%20apr%202010/main%20body/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643295/; classtype:trojan-activity;sid:84506395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643280)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.alaknanda_nob_140208_003/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643280/; classtype:trojan-activity;sid:84506380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643274)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_016/recap-fixture%20notes/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643274/; classtype:trojan-activity;sid:84506374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643267)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20kanpur_noble_080110_001/recap-fixture%20note/info.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643267/; classtype:trojan-activity;sid:84506367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643268)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20sinin_ssoe_030210_010/charter%20parties/riders/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643268/; classtype:trojan-activity;sid:84506368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643266)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20lok%20maheshwari_nob_050908_027/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643266/; classtype:trojan-activity;sid:84506366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643228)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_noble_030408_007/recap-fixture%20notes/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643228/; classtype:trojan-activity;sid:84506328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643220)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20genco%20knight_wamopl_080508_016/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643220/; classtype:trojan-activity;sid:84506320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643203)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.ocean%20predator_ispat_080907_033/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643203/; classtype:trojan-activity;sid:84506303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643199)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.spar%20lynx_bspl_021107_045/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643199/; classtype:trojan-activity;sid:84506299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643189)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20yuan%20shun%20hai_nedstar_180610_016/charter%20parties/riders/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643189/; classtype:trojan-activity;sid:84506289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643168)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jag%20ratan_bulkmarine_090709_039/charter%20parties/riders/info.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643168/; classtype:trojan-activity;sid:84506268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/for%20xp%20sp2/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643147/; classtype:trojan-activity;sid:84506247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643139)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20lok%20rajeshwari_noble_140110_005/recap-fixture%20note/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643139/; classtype:trojan-activity;sid:84506239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643131)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202010/mv%20jbu%20orient_crossbridge_080110_002/charter%20parties/riders/info.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643131/; classtype:trojan-activity;sid:84506231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643094)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20four%20shinano_ispat_110708_022/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643094/; classtype:trojan-activity;sid:84506194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643059)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20shou%20chang%20hai_wamopl_130907_034/charter%20parties/riders/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643059/; classtype:trojan-activity;sid:84506159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643052)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20parvati_refined%20sucess_270407_015/recap-fixture%20notes/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643052/; classtype:trojan-activity;sid:84506152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643029)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_ncs_110908_029/recap-fixture%20note/info.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643029/; classtype:trojan-activity;sid:84506129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643019)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv%20rishikesh_ncs_291107_051/recap-fixture%20note/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643019/; classtype:trojan-activity;sid:84506119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643023)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20id%20integrity_bulk%20marine_100409_014/charter%20parties/riders/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643023/; classtype:trojan-activity;sid:84506123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643012)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.barcelona%20bright_metchart_3000408_014/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643012/; classtype:trojan-activity;sid:84506112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643005)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_nob_310707_029/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643005/; classtype:trojan-activity;sid:84506105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642995)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.uttarkashi_nob_250208_005/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642995/; classtype:trojan-activity;sid:84506095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642991)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.prabhu%20mihika_refined%20sucess_270407_015/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642991/; classtype:trojan-activity;sid:84506091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642958)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.alaknanda_ncs_070507_16/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642958/; classtype:trojan-activity;sid:84506058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642943)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv%20uttarkashi_nob_250208_005/charter%20parties/riders/info.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642943/; classtype:trojan-activity;sid:84506043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642920)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20iran%20yazd_jaldhi_240809_038/charter%20parties/riders/info.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642920/; classtype:trojan-activity;sid:84506020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642913)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20pataliputra_nob_100309_010/charter%20parties/riders/info.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642913/; classtype:trojan-activity;sid:84506013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642877)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_nob_310707_029/recap-fixture%20notes/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642877/; classtype:trojan-activity;sid:84505977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642873)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20margrave_nedstar_190109_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642873/; classtype:trojan-activity;sid:84505973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642868)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202008/mv.mandakini_ncs_030108_001/charter%20parties/rider%20clauses/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642868/; classtype:trojan-activity;sid:84505968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20jag%20ratan_bulkmarine_090709_039/recap/info.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642854/; classtype:trojan-activity;sid:84505954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642822)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202009/mv%20lok%20pratap_hct_230609_025/charter%20parties/riders/info.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642822/; classtype:trojan-activity;sid:84505922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642817)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/fixtures%202007/mv.uttarkashi_ncs_151007_040/recap-fixture%20notes/info.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642817/; classtype:trojan-activity;sid:84505917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642808)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642808/; classtype:trojan-activity;sid:84505908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642807)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642807/; classtype:trojan-activity;sid:84505907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642806)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/scripts/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642806/; classtype:trojan-activity;sid:84505906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642804)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/info/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642804/; classtype:trojan-activity;sid:84505904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642805)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642805/; classtype:trojan-activity;sid:84505905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642803)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/wicon/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642803/; classtype:trojan-activity;sid:84505903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642799)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202308/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642799/; classtype:trojan-activity;sid:84505899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642800)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/0f/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642800/; classtype:trojan-activity;sid:84505900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642801)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642801/; classtype:trojan-activity;sid:84505901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642802)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/exceptions/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642802/; classtype:trojan-activity;sid:84505902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642796)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202304/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642796/; classtype:trojan-activity;sid:84505896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642797)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/resource/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642797/; classtype:trojan-activity;sid:84505897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642798)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642798/; classtype:trojan-activity;sid:84505898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642794)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642794/; classtype:trojan-activity;sid:84505894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642795)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642795/; classtype:trojan-activity;sid:84505895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642791)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642791/; classtype:trojan-activity;sid:84505891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642792)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642792/; classtype:trojan-activity;sid:84505892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642793)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642793/; classtype:trojan-activity;sid:84505893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642789)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642789/; classtype:trojan-activity;sid:84505889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642790)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642790/; classtype:trojan-activity;sid:84505890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642786)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642786/; classtype:trojan-activity;sid:84505886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642787)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642787/; classtype:trojan-activity;sid:84505887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642788)"; flow:established,from_client; content:"GET"; http_method; content:"/big/microsoft.sql.server.2012.enterprise.edition.with.service.pack.1-kopie/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642788/; classtype:trojan-activity;sid:84505888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642785)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642785/; classtype:trojan-activity;sid:84505885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642783)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642783/; classtype:trojan-activity;sid:84505883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642784)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642784/; classtype:trojan-activity;sid:84505884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642781)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642781/; classtype:trojan-activity;sid:84505881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642782)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642782/; classtype:trojan-activity;sid:84505882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642777)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642777/; classtype:trojan-activity;sid:84505877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642778)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642778/; classtype:trojan-activity;sid:84505878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642779)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642779/; classtype:trojan-activity;sid:84505879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642780)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642780/; classtype:trojan-activity;sid:84505880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642775)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642775/; classtype:trojan-activity;sid:84505875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642776)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642776/; classtype:trojan-activity;sid:84505876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642770)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642770/; classtype:trojan-activity;sid:84505870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642771)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642771/; classtype:trojan-activity;sid:84505871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642772)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642772/; classtype:trojan-activity;sid:84505872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642773)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642773/; classtype:trojan-activity;sid:84505873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642769)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642769/; classtype:trojan-activity;sid:84505869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642765)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202206/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642765/; classtype:trojan-activity;sid:84505865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642766)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642766/; classtype:trojan-activity;sid:84505866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642767)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642767/; classtype:trojan-activity;sid:84505867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642768)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642768/; classtype:trojan-activity;sid:84505868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642761)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642761/; classtype:trojan-activity;sid:84505861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642762)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/8a/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642762/; classtype:trojan-activity;sid:84505862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642763)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642763/; classtype:trojan-activity;sid:84505863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642764)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642764/; classtype:trojan-activity;sid:84505864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642758)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642758/; classtype:trojan-activity;sid:84505858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642759)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642759/; classtype:trojan-activity;sid:84505859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642760)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642760/; classtype:trojan-activity;sid:84505860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642756)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/scripts/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642756/; classtype:trojan-activity;sid:84505856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642757)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/wicon/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642757/; classtype:trojan-activity;sid:84505857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642754)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642754/; classtype:trojan-activity;sid:84505854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642755)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642755/; classtype:trojan-activity;sid:84505855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642753)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642753/; classtype:trojan-activity;sid:84505853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642750)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642750/; classtype:trojan-activity;sid:84505850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642751)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642751/; classtype:trojan-activity;sid:84505851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642748)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642748/; classtype:trojan-activity;sid:84505848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642749)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642749/; classtype:trojan-activity;sid:84505849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642746)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642746/; classtype:trojan-activity;sid:84505846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642747)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642747/; classtype:trojan-activity;sid:84505847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642744)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642744/; classtype:trojan-activity;sid:84505844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642745)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642745/; classtype:trojan-activity;sid:84505845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642743)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642743/; classtype:trojan-activity;sid:84505843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642740)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642740/; classtype:trojan-activity;sid:84505840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642741)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202205/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642741/; classtype:trojan-activity;sid:84505841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642742)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642742/; classtype:trojan-activity;sid:84505842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642739)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642739/; classtype:trojan-activity;sid:84505839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642735)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642735/; classtype:trojan-activity;sid:84505835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642736)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642736/; classtype:trojan-activity;sid:84505836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642737)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642737/; classtype:trojan-activity;sid:84505837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642738)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642738/; classtype:trojan-activity;sid:84505838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642733)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642733/; classtype:trojan-activity;sid:84505833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642734)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642734/; classtype:trojan-activity;sid:84505834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642731)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642731/; classtype:trojan-activity;sid:84505831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642732)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642732/; classtype:trojan-activity;sid:84505832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642727)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202207/sjk-ic/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642727/; classtype:trojan-activity;sid:84505827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642728)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642728/; classtype:trojan-activity;sid:84505828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642729)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642729/; classtype:trojan-activity;sid:84505829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642730)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642730/; classtype:trojan-activity;sid:84505830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642726)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642726/; classtype:trojan-activity;sid:84505826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642725)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642725/; classtype:trojan-activity;sid:84505825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642724)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642724/; classtype:trojan-activity;sid:84505824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642722)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642722/; classtype:trojan-activity;sid:84505822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642723)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642723/; classtype:trojan-activity;sid:84505823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642720)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642720/; classtype:trojan-activity;sid:84505820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642721)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642721/; classtype:trojan-activity;sid:84505821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642714)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642714/; classtype:trojan-activity;sid:84505814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642715)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642715/; classtype:trojan-activity;sid:84505815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642716)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642716/; classtype:trojan-activity;sid:84505816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642717)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/inipaytest/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642717/; classtype:trojan-activity;sid:84505817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642718)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/heads/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642718/; classtype:trojan-activity;sid:84505818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642719)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642719/; classtype:trojan-activity;sid:84505819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642712)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642712/; classtype:trojan-activity;sid:84505812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642713)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642713/; classtype:trojan-activity;sid:84505813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642711)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642711/; classtype:trojan-activity;sid:84505811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642709)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642709/; classtype:trojan-activity;sid:84505809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642710)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642710/; classtype:trojan-activity;sid:84505810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642707)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642707/; classtype:trojan-activity;sid:84505807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642708)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642708/; classtype:trojan-activity;sid:84505808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642703)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642703/; classtype:trojan-activity;sid:84505803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642704)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642704/; classtype:trojan-activity;sid:84505804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642705)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642705/; classtype:trojan-activity;sid:84505805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642706)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642706/; classtype:trojan-activity;sid:84505806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642700)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642700/; classtype:trojan-activity;sid:84505800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642701)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642701/; classtype:trojan-activity;sid:84505801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642702)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642702/; classtype:trojan-activity;sid:84505802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642698)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642698/; classtype:trojan-activity;sid:84505798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642699)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642699/; classtype:trojan-activity;sid:84505799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642695)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/plc/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642695/; classtype:trojan-activity;sid:84505795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642696)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642696/; classtype:trojan-activity;sid:84505796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642697)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642697/; classtype:trojan-activity;sid:84505797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642694)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642694/; classtype:trojan-activity;sid:84505794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642692)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642692/; classtype:trojan-activity;sid:84505792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642693/; classtype:trojan-activity;sid:84505793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642689)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642689/; classtype:trojan-activity;sid:84505789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642690)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642690/; classtype:trojan-activity;sid:84505790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642691)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642691/; classtype:trojan-activity;sid:84505791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642685)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642685/; classtype:trojan-activity;sid:84505785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642686)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642686/; classtype:trojan-activity;sid:84505786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642687)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642687/; classtype:trojan-activity;sid:84505787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642688)"; flow:established,from_client; content:"GET"; http_method; content:"/areas/helppage/models/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642688/; classtype:trojan-activity;sid:84505788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642679)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642679/; classtype:trojan-activity;sid:84505779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642680)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642680/; classtype:trojan-activity;sid:84505780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642681)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642681/; classtype:trojan-activity;sid:84505781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642682)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642682/; classtype:trojan-activity;sid:84505782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642683)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642683/; classtype:trojan-activity;sid:84505783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642684)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642684/; classtype:trojan-activity;sid:84505784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642678)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642678/; classtype:trojan-activity;sid:84505778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642674)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642674/; classtype:trojan-activity;sid:84505774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642675)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642675/; classtype:trojan-activity;sid:84505775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642676)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642676/; classtype:trojan-activity;sid:84505776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642677)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642677/; classtype:trojan-activity;sid:84505777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642673)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642673/; classtype:trojan-activity;sid:84505773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642667)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642667/; classtype:trojan-activity;sid:84505767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642668)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642668/; classtype:trojan-activity;sid:84505768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642669)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642669/; classtype:trojan-activity;sid:84505769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642670)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642670/; classtype:trojan-activity;sid:84505770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642671)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642671/; classtype:trojan-activity;sid:84505771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642672)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642672/; classtype:trojan-activity;sid:84505772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642664)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642664/; classtype:trojan-activity;sid:84505764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642665)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642665/; classtype:trojan-activity;sid:84505765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642666)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642666/; classtype:trojan-activity;sid:84505766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642663)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642663/; classtype:trojan-activity;sid:84505763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642662)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642662/; classtype:trojan-activity;sid:84505762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642661)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642661/; classtype:trojan-activity;sid:84505761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642655)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642655/; classtype:trojan-activity;sid:84505755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642656)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/backup/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642656/; classtype:trojan-activity;sid:84505756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642657)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/a4/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642657/; classtype:trojan-activity;sid:84505757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642658)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642658/; classtype:trojan-activity;sid:84505758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642659)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642659/; classtype:trojan-activity;sid:84505759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642649)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642649/; classtype:trojan-activity;sid:84505749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642650)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/remotes/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642650/; classtype:trojan-activity;sid:84505750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642651)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642651/; classtype:trojan-activity;sid:84505751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642652)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/resource/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642652/; classtype:trojan-activity;sid:84505752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642653)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642653/; classtype:trojan-activity;sid:84505753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642654)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642654/; classtype:trojan-activity;sid:84505754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642646)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642646/; classtype:trojan-activity;sid:84505746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642647)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/scripts/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642647/; classtype:trojan-activity;sid:84505747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642648)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642648/; classtype:trojan-activity;sid:84505748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642644)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642644/; classtype:trojan-activity;sid:84505744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642645)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/wicon/__pycache__/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642645/; classtype:trojan-activity;sid:84505745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642640)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642640/; classtype:trojan-activity;sid:84505740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642641)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642641/; classtype:trojan-activity;sid:84505741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642642)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642642/; classtype:trojan-activity;sid:84505742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642643)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/log/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642643/; classtype:trojan-activity;sid:84505743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642637)"; flow:established,from_client; content:"GET"; http_method; content:"/device/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642637/; classtype:trojan-activity;sid:84505737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642638)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642638/; classtype:trojan-activity;sid:84505738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642639)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642639/; classtype:trojan-activity;sid:84505739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642636)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642636/; classtype:trojan-activity;sid:84505736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642634)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642634/; classtype:trojan-activity;sid:84505734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642635)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642635/; classtype:trojan-activity;sid:84505735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642633)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642633/; classtype:trojan-activity;sid:84505733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642631)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642631/; classtype:trojan-activity;sid:84505731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642632)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642632/; classtype:trojan-activity;sid:84505732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642624)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642624/; classtype:trojan-activity;sid:84505724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642625)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642625/; classtype:trojan-activity;sid:84505725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642626)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642626/; classtype:trojan-activity;sid:84505726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642627)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642627/; classtype:trojan-activity;sid:84505727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642628)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642628/; classtype:trojan-activity;sid:84505728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642629)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642629/; classtype:trojan-activity;sid:84505729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642630)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642630/; classtype:trojan-activity;sid:84505730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642623)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642623/; classtype:trojan-activity;sid:84505723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642621)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642621/; classtype:trojan-activity;sid:84505721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642622)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642622/; classtype:trojan-activity;sid:84505722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642617)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642617/; classtype:trojan-activity;sid:84505717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642618)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642618/; classtype:trojan-activity;sid:84505718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642619)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642619/; classtype:trojan-activity;sid:84505719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642620)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642620/; classtype:trojan-activity;sid:84505720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642616)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642616/; classtype:trojan-activity;sid:84505716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642613)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/eb/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642613/; classtype:trojan-activity;sid:84505713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642614)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/04/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642614/; classtype:trojan-activity;sid:84505714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642615)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.195.137.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642615/; classtype:trojan-activity;sid:84505715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642612)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642612/; classtype:trojan-activity;sid:84505712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642608)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642608/; classtype:trojan-activity;sid:84505708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642609)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642609/; classtype:trojan-activity;sid:84505709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642610)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642610/; classtype:trojan-activity;sid:84505710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642611)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642611/; classtype:trojan-activity;sid:84505711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642606)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642606/; classtype:trojan-activity;sid:84505706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642607)"; flow:established,from_client; content:"GET"; http_method; content:"/log/error/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642607/; classtype:trojan-activity;sid:84505707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642605)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/client/__pycache__/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642605/; classtype:trojan-activity;sid:84505705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642603)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642603/; classtype:trojan-activity;sid:84505703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642604)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642604/; classtype:trojan-activity;sid:84505704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642598)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642598/; classtype:trojan-activity;sid:84505698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642599)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642599/; classtype:trojan-activity;sid:84505699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642600)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642600/; classtype:trojan-activity;sid:84505700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642601)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642601/; classtype:trojan-activity;sid:84505701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642596)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642596/; classtype:trojan-activity;sid:84505696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642597)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642597/; classtype:trojan-activity;sid:84505697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642595)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642595/; classtype:trojan-activity;sid:84505695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642590)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/03/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642590/; classtype:trojan-activity;sid:84505690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642591)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642591/; classtype:trojan-activity;sid:84505691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642592)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/pack/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642592/; classtype:trojan-activity;sid:84505692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642593)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642593/; classtype:trojan-activity;sid:84505693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642594)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642594/; classtype:trojan-activity;sid:84505694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642588)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/logs/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642588/; classtype:trojan-activity;sid:84505688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642589)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/plc/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642589/; classtype:trojan-activity;sid:84505689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642584)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/ba/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642584/; classtype:trojan-activity;sid:84505684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642585)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642585/; classtype:trojan-activity;sid:84505685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642586)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/f9/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642586/; classtype:trojan-activity;sid:84505686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642587)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642587/; classtype:trojan-activity;sid:84505687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642579)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/remotes/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642579/; classtype:trojan-activity;sid:84505679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642580)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642580/; classtype:trojan-activity;sid:84505680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642581)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642581/; classtype:trojan-activity;sid:84505681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642582)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642582/; classtype:trojan-activity;sid:84505682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642583)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642583/; classtype:trojan-activity;sid:84505683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642575)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642575/; classtype:trojan-activity;sid:84505675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642576)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642576/; classtype:trojan-activity;sid:84505676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642577)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/77/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642577/; classtype:trojan-activity;sid:84505677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642578)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642578/; classtype:trojan-activity;sid:84505678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642571)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642571/; classtype:trojan-activity;sid:84505671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642572)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642572/; classtype:trojan-activity;sid:84505672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642573)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642573/; classtype:trojan-activity;sid:84505673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642574)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642574/; classtype:trojan-activity;sid:84505674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642568)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642568/; classtype:trojan-activity;sid:84505668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642569)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642569/; classtype:trojan-activity;sid:84505669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642570)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642570/; classtype:trojan-activity;sid:84505670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642563)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642563/; classtype:trojan-activity;sid:84505663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642564)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642564/; classtype:trojan-activity;sid:84505664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642565)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/15/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642565/; classtype:trojan-activity;sid:84505665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642566)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642566/; classtype:trojan-activity;sid:84505666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642567)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642567/; classtype:trojan-activity;sid:84505667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642561)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642561/; classtype:trojan-activity;sid:84505661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642562)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642562/; classtype:trojan-activity;sid:84505662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642560)"; flow:established,from_client; content:"GET"; http_method; content:"/areas/helppage/controllers/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642560/; classtype:trojan-activity;sid:84505660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642557)"; flow:established,from_client; content:"GET"; http_method; content:"/obj/debug/temppe/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642557/; classtype:trojan-activity;sid:84505657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642558)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642558/; classtype:trojan-activity;sid:84505658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642559)"; flow:established,from_client; content:"GET"; http_method; content:"/log/fatal/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642559/; classtype:trojan-activity;sid:84505659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642555)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642555/; classtype:trojan-activity;sid:84505655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642556)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/remotes/origin/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642556/; classtype:trojan-activity;sid:84505656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642554)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642554/; classtype:trojan-activity;sid:84505654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642551)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642551/; classtype:trojan-activity;sid:84505651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642552)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642552/; classtype:trojan-activity;sid:84505652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642553)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642553/; classtype:trojan-activity;sid:84505653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642547)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642547/; classtype:trojan-activity;sid:84505647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642548)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642548/; classtype:trojan-activity;sid:84505648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642549)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642549/; classtype:trojan-activity;sid:84505649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642550)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642550/; classtype:trojan-activity;sid:84505650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642546)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/c8/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642546/; classtype:trojan-activity;sid:84505646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642545)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642545/; classtype:trojan-activity;sid:84505645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642543)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642543/; classtype:trojan-activity;sid:84505643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642542)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/plc/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642542/; classtype:trojan-activity;sid:84505642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642541)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642541/; classtype:trojan-activity;sid:84505641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642538)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642538/; classtype:trojan-activity;sid:84505638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642539)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642539/; classtype:trojan-activity;sid:84505639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642540)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642540/; classtype:trojan-activity;sid:84505640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642534)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642534/; classtype:trojan-activity;sid:84505634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642535)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/__pycache__/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642535/; classtype:trojan-activity;sid:84505635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642536)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642536/; classtype:trojan-activity;sid:84505636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642537)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/wicon/__pycache__/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642537/; classtype:trojan-activity;sid:84505637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642529)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642529/; classtype:trojan-activity;sid:84505629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642530)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642530/; classtype:trojan-activity;sid:84505630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642531)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642531/; classtype:trojan-activity;sid:84505631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642532)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642532/; classtype:trojan-activity;sid:84505632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642533)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642533/; classtype:trojan-activity;sid:84505633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642526)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642526/; classtype:trojan-activity;sid:84505626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642527)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642527/; classtype:trojan-activity;sid:84505627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642528)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642528/; classtype:trojan-activity;sid:84505628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642525)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642525/; classtype:trojan-activity;sid:84505625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642522)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/ammicafesetup/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642522/; classtype:trojan-activity;sid:84505622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642523)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642523/; classtype:trojan-activity;sid:84505623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642524)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642524/; classtype:trojan-activity;sid:84505624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642515)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642515/; classtype:trojan-activity;sid:84505615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642516)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642516/; classtype:trojan-activity;sid:84505616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642517)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642517/; classtype:trojan-activity;sid:84505617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642519)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/plc/__pycache__/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642519/; classtype:trojan-activity;sid:84505619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642520)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642520/; classtype:trojan-activity;sid:84505620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642521)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642521/; classtype:trojan-activity;sid:84505621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642512)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642512/; classtype:trojan-activity;sid:84505612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642513)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642513/; classtype:trojan-activity;sid:84505613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642514)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642514/; classtype:trojan-activity;sid:84505614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642510)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642510/; classtype:trojan-activity;sid:84505610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642511)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642511/; classtype:trojan-activity;sid:84505611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642508)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642508/; classtype:trojan-activity;sid:84505608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642509)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642509/; classtype:trojan-activity;sid:84505609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642503)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/file/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642503/; classtype:trojan-activity;sid:84505603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642504)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642504/; classtype:trojan-activity;sid:84505604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642505)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642505/; classtype:trojan-activity;sid:84505605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642506)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642506/; classtype:trojan-activity;sid:84505606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642507)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642507/; classtype:trojan-activity;sid:84505607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642499)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642499/; classtype:trojan-activity;sid:84505599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642500)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642500/; classtype:trojan-activity;sid:84505600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642501)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642501/; classtype:trojan-activity;sid:84505601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642498)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/hooks/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642498/; classtype:trojan-activity;sid:84505598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642497)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642497/; classtype:trojan-activity;sid:84505597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642496)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/plc/__pycache__/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642496/; classtype:trojan-activity;sid:84505596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642494)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642494/; classtype:trojan-activity;sid:84505594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642495)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/refs/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642495/; classtype:trojan-activity;sid:84505595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642492)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642492/; classtype:trojan-activity;sid:84505592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642493)"; flow:established,from_client; content:"GET"; http_method; content:"/upgradefiles/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642493/; classtype:trojan-activity;sid:84505593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642490)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642490/; classtype:trojan-activity;sid:84505590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642491)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642491/; classtype:trojan-activity;sid:84505591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642487)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/b4/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642487/; classtype:trojan-activity;sid:84505587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642488)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642488/; classtype:trojan-activity;sid:84505588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642489)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642489/; classtype:trojan-activity;sid:84505589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642485)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642485/; classtype:trojan-activity;sid:84505585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642486)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642486/; classtype:trojan-activity;sid:84505586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642484)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642484/; classtype:trojan-activity;sid:84505584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642483)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642483/; classtype:trojan-activity;sid:84505583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642482)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642482/; classtype:trojan-activity;sid:84505582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642478)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642478/; classtype:trojan-activity;sid:84505578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642479)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642479/; classtype:trojan-activity;sid:84505579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642480)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642480/; classtype:trojan-activity;sid:84505580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642481)"; flow:established,from_client; content:"GET"; http_method; content:"/wimx/file/icon/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642481/; classtype:trojan-activity;sid:84505581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642475)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642475/; classtype:trojan-activity;sid:84505575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642476)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642476/; classtype:trojan-activity;sid:84505576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642477)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642477/; classtype:trojan-activity;sid:84505577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642468)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/202207/sjk-ic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642468/; classtype:trojan-activity;sid:84505568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642469)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642469/; classtype:trojan-activity;sid:84505569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642470)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642470/; classtype:trojan-activity;sid:84505570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642471)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642471/; classtype:trojan-activity;sid:84505571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642472)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642472/; classtype:trojan-activity;sid:84505572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642473)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642473/; classtype:trojan-activity;sid:84505573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642474)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/22/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642474/; classtype:trojan-activity;sid:84505574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642466)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642466/; classtype:trojan-activity;sid:84505566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642467)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ingprice_%ec%9b%90%eb%a3%8c%ea%b0%80%ea%b2%a9/202207/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642467/; classtype:trojan-activity;sid:84505567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642464)"; flow:established,from_client; content:"GET"; http_method; content:"/log/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642464/; classtype:trojan-activity;sid:84505564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642459)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642459/; classtype:trojan-activity;sid:84505559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642460)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642460/; classtype:trojan-activity;sid:84505560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642461)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642461/; classtype:trojan-activity;sid:84505561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642462)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642462/; classtype:trojan-activity;sid:84505562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642463)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642463/; classtype:trojan-activity;sid:84505563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642457)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642457/; classtype:trojan-activity;sid:84505557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642458)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642458/; classtype:trojan-activity;sid:84505558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642456)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642456/; classtype:trojan-activity;sid:84505556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642451)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642451/; classtype:trojan-activity;sid:84505551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642452)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642452/; classtype:trojan-activity;sid:84505552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642453)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642453/; classtype:trojan-activity;sid:84505553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642454)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642454/; classtype:trojan-activity;sid:84505554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642449)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642449/; classtype:trojan-activity;sid:84505549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642450)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642450/; classtype:trojan-activity;sid:84505550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642447)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642447/; classtype:trojan-activity;sid:84505547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642448)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642448/; classtype:trojan-activity;sid:84505548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642446)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642446/; classtype:trojan-activity;sid:84505546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642436)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642436/; classtype:trojan-activity;sid:84505536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642437)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20mumbai/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642437/; classtype:trojan-activity;sid:84505537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642438)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642438/; classtype:trojan-activity;sid:84505538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642439)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642439/; classtype:trojan-activity;sid:84505539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642440)"; flow:established,from_client; content:"GET"; http_method; content:"/log/fatal/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642440/; classtype:trojan-activity;sid:84505540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642441)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/src/common/exceptions/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642441/; classtype:trojan-activity;sid:84505541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642442)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642442/; classtype:trojan-activity;sid:84505542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642443)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642443/; classtype:trojan-activity;sid:84505543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642444)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642444/; classtype:trojan-activity;sid:84505544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642445)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642445/; classtype:trojan-activity;sid:84505545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642433)"; flow:established,from_client; content:"GET"; http_method; content:"/upgradefiles/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642433/; classtype:trojan-activity;sid:84505533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642434)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642434/; classtype:trojan-activity;sid:84505534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642435)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202205/sjk-ic/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642435/; classtype:trojan-activity;sid:84505535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642432)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642432/; classtype:trojan-activity;sid:84505532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642429)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642429/; classtype:trojan-activity;sid:84505529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642430)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642430/; classtype:trojan-activity;sid:84505530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642431)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642431/; classtype:trojan-activity;sid:84505531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642428)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642428/; classtype:trojan-activity;sid:84505528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642426)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/01/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642426/; classtype:trojan-activity;sid:84505526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642427)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642427/; classtype:trojan-activity;sid:84505527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642424)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642424/; classtype:trojan-activity;sid:84505524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642425)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642425/; classtype:trojan-activity;sid:84505525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642421)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642421/; classtype:trojan-activity;sid:84505521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642422)"; flow:established,from_client; content:"GET"; http_method; content:"/02/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642422/; classtype:trojan-activity;sid:84505522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642423)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642423/; classtype:trojan-activity;sid:84505523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642418)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202207/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642418/; classtype:trojan-activity;sid:84505518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642419)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642419/; classtype:trojan-activity;sid:84505519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642420)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/remotes/origin/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642420/; classtype:trojan-activity;sid:84505520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642417)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642417/; classtype:trojan-activity;sid:84505517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642415)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642415/; classtype:trojan-activity;sid:84505515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642416)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642416/; classtype:trojan-activity;sid:84505516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642410)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642410/; classtype:trojan-activity;sid:84505510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642411)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642411/; classtype:trojan-activity;sid:84505511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642412)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642412/; classtype:trojan-activity;sid:84505512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642413)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642413/; classtype:trojan-activity;sid:84505513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642414)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642414/; classtype:trojan-activity;sid:84505514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642407)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642407/; classtype:trojan-activity;sid:84505507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642408)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642408/; classtype:trojan-activity;sid:84505508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642409)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/2b/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642409/; classtype:trojan-activity;sid:84505509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642405)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642405/; classtype:trojan-activity;sid:84505505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642406)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/ammicafe2setup/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642406/; classtype:trojan-activity;sid:84505506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642403)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642403/; classtype:trojan-activity;sid:84505503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642397)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642397/; classtype:trojan-activity;sid:84505497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642398)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642398/; classtype:trojan-activity;sid:84505498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642399)"; flow:established,from_client; content:"GET"; http_method; content:"/obj/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642399/; classtype:trojan-activity;sid:84505499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642400)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642400/; classtype:trojan-activity;sid:84505500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642401)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/22/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642401/; classtype:trojan-activity;sid:84505501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642402)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642402/; classtype:trojan-activity;sid:84505502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642395)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642395/; classtype:trojan-activity;sid:84505495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642396)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642396/; classtype:trojan-activity;sid:84505496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642394)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/flowmeter-report-system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642394/; classtype:trojan-activity;sid:84505494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642391)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/logs/refs/heads/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642391/; classtype:trojan-activity;sid:84505491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642392)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202308/sjp-bt/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642392/; classtype:trojan-activity;sid:84505492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642390)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642390/; classtype:trojan-activity;sid:84505490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642389)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642389/; classtype:trojan-activity;sid:84505489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642387)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642387/; classtype:trojan-activity;sid:84505487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642388)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642388/; classtype:trojan-activity;sid:84505488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642386)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642386/; classtype:trojan-activity;sid:84505486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642382)"; flow:established,from_client; content:"GET"; http_method; content:"/big/html/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642382/; classtype:trojan-activity;sid:84505482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642383)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642383/; classtype:trojan-activity;sid:84505483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642384)"; flow:established,from_client; content:"GET"; http_method; content:"/models/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642384/; classtype:trojan-activity;sid:84505484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642385)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/18/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642385/; classtype:trojan-activity;sid:84505485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642380)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642380/; classtype:trojan-activity;sid:84505480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642381)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/resource/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642381/; classtype:trojan-activity;sid:84505481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642379)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642379/; classtype:trojan-activity;sid:84505479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642378)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642378/; classtype:trojan-activity;sid:84505478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642374)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642374/; classtype:trojan-activity;sid:84505474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642375)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642375/; classtype:trojan-activity;sid:84505475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642376)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642376/; classtype:trojan-activity;sid:84505476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642377)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642377/; classtype:trojan-activity;sid:84505477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642368)"; flow:established,from_client; content:"GET"; http_method; content:"/log/error/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642368/; classtype:trojan-activity;sid:84505468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642369)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642369/; classtype:trojan-activity;sid:84505469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642370)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642370/; classtype:trojan-activity;sid:84505470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642371)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642371/; classtype:trojan-activity;sid:84505471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642372)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/__pycache__/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642372/; classtype:trojan-activity;sid:84505472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642373)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642373/; classtype:trojan-activity;sid:84505473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642365)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642365/; classtype:trojan-activity;sid:84505465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642366)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642366/; classtype:trojan-activity;sid:84505466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642367)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642367/; classtype:trojan-activity;sid:84505467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642362)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642362/; classtype:trojan-activity;sid:84505462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642363)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/23/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642363/; classtype:trojan-activity;sid:84505463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642360)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642360/; classtype:trojan-activity;sid:84505460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642361)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642361/; classtype:trojan-activity;sid:84505461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642359)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642359/; classtype:trojan-activity;sid:84505459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642357)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642357/; classtype:trojan-activity;sid:84505457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642358)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642358/; classtype:trojan-activity;sid:84505458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642355)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642355/; classtype:trojan-activity;sid:84505455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642356)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642356/; classtype:trojan-activity;sid:84505456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642354)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642354/; classtype:trojan-activity;sid:84505454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642352)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642352/; classtype:trojan-activity;sid:84505452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642350)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/01/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642350/; classtype:trojan-activity;sid:84505450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642351)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642351/; classtype:trojan-activity;sid:84505451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642344)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642344/; classtype:trojan-activity;sid:84505444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642345)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642345/; classtype:trojan-activity;sid:84505445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642346)"; flow:established,from_client; content:"GET"; http_method; content:"/big/sql%20server%202014/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642346/; classtype:trojan-activity;sid:84505446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642347)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/03/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642347/; classtype:trojan-activity;sid:84505447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642348)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642348/; classtype:trojan-activity;sid:84505448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642349)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642349/; classtype:trojan-activity;sid:84505449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642342)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642342/; classtype:trojan-activity;sid:84505442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642343)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642343/; classtype:trojan-activity;sid:84505443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642332)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642332/; classtype:trojan-activity;sid:84505432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642333)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642333/; classtype:trojan-activity;sid:84505433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642334)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642334/; classtype:trojan-activity;sid:84505434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642335)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642335/; classtype:trojan-activity;sid:84505435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642336)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642336/; classtype:trojan-activity;sid:84505436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642337)"; flow:established,from_client; content:"GET"; http_method; content:"/log/warn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642337/; classtype:trojan-activity;sid:84505437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642338)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642338/; classtype:trojan-activity;sid:84505438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642339)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642339/; classtype:trojan-activity;sid:84505439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642340)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642340/; classtype:trojan-activity;sid:84505440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642341)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202207/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642341/; classtype:trojan-activity;sid:84505441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642330)"; flow:established,from_client; content:"GET"; http_method; content:"/data/202207/sjk-ic/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642330/; classtype:trojan-activity;sid:84505430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642331)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642331/; classtype:trojan-activity;sid:84505431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642326)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642326/; classtype:trojan-activity;sid:84505426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642327)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642327/; classtype:trojan-activity;sid:84505427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642328)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642328/; classtype:trojan-activity;sid:84505428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642329)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642329/; classtype:trojan-activity;sid:84505429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642325)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/latest/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642325/; classtype:trojan-activity;sid:84505425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642323)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642323/; classtype:trojan-activity;sid:84505423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642324)"; flow:established,from_client; content:"GET"; http_method; content:"/01/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642324/; classtype:trojan-activity;sid:84505424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642320)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642320/; classtype:trojan-activity;sid:84505420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642322)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/client/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642322/; classtype:trojan-activity;sid:84505422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642319)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/00/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642319/; classtype:trojan-activity;sid:84505419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642316)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642316/; classtype:trojan-activity;sid:84505416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642317)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642317/; classtype:trojan-activity;sid:84505417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642318)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642318/; classtype:trojan-activity;sid:84505418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642315)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642315/; classtype:trojan-activity;sid:84505415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642313)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642313/; classtype:trojan-activity;sid:84505413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642314)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642314/; classtype:trojan-activity;sid:84505414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642312)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642312/; classtype:trojan-activity;sid:84505412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642311)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/exceptions/__pycache__/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642311/; classtype:trojan-activity;sid:84505411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642310)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642310/; classtype:trojan-activity;sid:84505410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642304)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642304/; classtype:trojan-activity;sid:84505404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642305)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/06/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642305/; classtype:trojan-activity;sid:84505405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642306)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642306/; classtype:trojan-activity;sid:84505406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642307)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/11/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642307/; classtype:trojan-activity;sid:84505407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642308)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642308/; classtype:trojan-activity;sid:84505408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642309)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/13/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642309/; classtype:trojan-activity;sid:84505409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642301)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642301/; classtype:trojan-activity;sid:84505401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642302)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/d1/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642302/; classtype:trojan-activity;sid:84505402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642303)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642303/; classtype:trojan-activity;sid:84505403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642296)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642296/; classtype:trojan-activity;sid:84505396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642297/; classtype:trojan-activity;sid:84505397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642298)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642298/; classtype:trojan-activity;sid:84505398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642299)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642299/; classtype:trojan-activity;sid:84505399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642300)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/06/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642300/; classtype:trojan-activity;sid:84505400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642294)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/inipaytest/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642294/; classtype:trojan-activity;sid:84505394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642292)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642292/; classtype:trojan-activity;sid:84505392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642293)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642293/; classtype:trojan-activity;sid:84505393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642289)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642289/; classtype:trojan-activity;sid:84505389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642290)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/src/common/exceptions/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642290/; classtype:trojan-activity;sid:84505390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642291)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642291/; classtype:trojan-activity;sid:84505391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642284)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/07/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642284/; classtype:trojan-activity;sid:84505384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642285)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/22/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642285/; classtype:trojan-activity;sid:84505385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642286)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642286/; classtype:trojan-activity;sid:84505386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642287)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642287/; classtype:trojan-activity;sid:84505387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642288)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642288/; classtype:trojan-activity;sid:84505388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642282)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/05/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642282/; classtype:trojan-activity;sid:84505382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642283)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/9a/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642283/; classtype:trojan-activity;sid:84505383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642280)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/20/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642280/; classtype:trojan-activity;sid:84505380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642281)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642281/; classtype:trojan-activity;sid:84505381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642278)"; flow:established,from_client; content:"GET"; http_method; content:"/log/warn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642278/; classtype:trojan-activity;sid:84505378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642279)"; flow:established,from_client; content:"GET"; http_method; content:"/02/24/01/31/03/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642279/; classtype:trojan-activity;sid:84505379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642275)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642275/; classtype:trojan-activity;sid:84505375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642276)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642276/; classtype:trojan-activity;sid:84505376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642277)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-l-serial-gscam/latest/wicon-l-serial-gscam/.git/objects/5e/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642277/; classtype:trojan-activity;sid:84505377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642273)"; flow:established,from_client; content:"GET"; http_method; content:"/device/flowmeter-report-system/v0.400/flowmeter-report-system/src/common/__pycache__/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642273/; classtype:trojan-activity;sid:84505373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642268)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642268/; classtype:trojan-activity;sid:84505368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642269)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642269/; classtype:trojan-activity;sid:84505369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642270)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642270/; classtype:trojan-activity;sid:84505370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642271)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/02/21/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642271/; classtype:trojan-activity;sid:84505371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642267)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/02/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642267/; classtype:trojan-activity;sid:84505367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642265)"; flow:established,from_client; content:"GET"; http_method; content:"/device/wicon-moxa/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642265/; classtype:trojan-activity;sid:84505365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642266)"; flow:established,from_client; content:"GET"; http_method; content:"/data/forecast_%ec%a0%9c%ed%92%88%ec%98%88%ec%83%81%ec%83%9d%ec%82%b0%eb%9f%89/202206/sjk-ic/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"211.62.140.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642266/; classtype:trojan-activity;sid:84505366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642264)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642264/; classtype:trojan-activity;sid:84505364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642262)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/06/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642262/; classtype:trojan-activity;sid:84505362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642263)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/03/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642263/; classtype:trojan-activity;sid:84505363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642257)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/01/20/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642257/; classtype:trojan-activity;sid:84505357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642258)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/12/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642258/; classtype:trojan-activity;sid:84505358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642259)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642259/; classtype:trojan-activity;sid:84505359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642260)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642260/; classtype:trojan-activity;sid:84505360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642261)"; flow:established,from_client; content:"GET"; http_method; content:"/log/debug/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642261/; classtype:trojan-activity;sid:84505361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642256)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642256/; classtype:trojan-activity;sid:84505356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642254)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/16/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642254/; classtype:trojan-activity;sid:84505354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642255)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/12/31/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642255/; classtype:trojan-activity;sid:84505355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642252)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642252/; classtype:trojan-activity;sid:84505352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642253)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/09/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642253/; classtype:trojan-activity;sid:84505353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642248)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642248/; classtype:trojan-activity;sid:84505348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642249)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642249/; classtype:trojan-activity;sid:84505349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642251)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/19/18/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642251/; classtype:trojan-activity;sid:84505351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642245)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642245/; classtype:trojan-activity;sid:84505345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642246)"; flow:established,from_client; content:"GET"; http_method; content:"/big/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642246/; classtype:trojan-activity;sid:84505346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642247)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/09/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642247/; classtype:trojan-activity;sid:84505347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642244)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/01/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642244/; classtype:trojan-activity;sid:84505344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642243)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/11/12/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642243/; classtype:trojan-activity;sid:84505343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642241)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642241/; classtype:trojan-activity;sid:84505341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642242)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/14/17/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642242/; classtype:trojan-activity;sid:84505342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642240)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/16/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642240/; classtype:trojan-activity;sid:84505340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642239)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/10/07/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642239/; classtype:trojan-activity;sid:84505339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642238)"; flow:established,from_client; content:"GET"; http_method; content:"/log/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"58.52.216.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642238/; classtype:trojan-activity;sid:84505338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642236)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642236/; classtype:trojan-activity;sid:84505336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642237)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/08/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642237/; classtype:trojan-activity;sid:84505337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642234)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/05/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642234/; classtype:trojan-activity;sid:84505334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642235)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"58.52.216.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642235/; classtype:trojan-activity;sid:84505335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642227)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/04/08/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642227/; classtype:trojan-activity;sid:84505327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642230)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/03/14/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642230/; classtype:trojan-activity;sid:84505330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642231)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/09/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642231/; classtype:trojan-activity;sid:84505331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642232)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/10/10/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642232/; classtype:trojan-activity;sid:84505332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642233)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/04/11/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642233/; classtype:trojan-activity;sid:84505333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642224)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/05/15/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642224/; classtype:trojan-activity;sid:84505324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642225)"; flow:established,from_client; content:"GET"; http_method; content:"/01/23/11/07/13/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642225/; classtype:trojan-activity;sid:84505325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642226)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/jungminsof/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642226/; classtype:trojan-activity;sid:84505326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642095/; classtype:trojan-activity;sid:84505195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642094/; classtype:trojan-activity;sid:84505194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642093/; classtype:trojan-activity;sid:84505193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642092/; classtype:trojan-activity;sid:84505192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642091/; classtype:trojan-activity;sid:84505191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642090/; classtype:trojan-activity;sid:84505190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642089/; classtype:trojan-activity;sid:84505189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642088/; classtype:trojan-activity;sid:84505188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01042020144633/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642087/; classtype:trojan-activity;sid:84505187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642086/; classtype:trojan-activity;sid:84505186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020090013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642085/; classtype:trojan-activity;sid:84505185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642084)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/outlook.pt-br/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642084/; classtype:trojan-activity;sid:84505184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642083/; classtype:trojan-activity;sid:84505183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642082/; classtype:trojan-activity;sid:84505182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642081/; classtype:trojan-activity;sid:84505181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642080/; classtype:trojan-activity;sid:84505180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642079/; classtype:trojan-activity;sid:84505179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/18082020081838/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642078/; classtype:trojan-activity;sid:84505178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08092020083703/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642077/; classtype:trojan-activity;sid:84505177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642076/; classtype:trojan-activity;sid:84505176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642074/; classtype:trojan-activity;sid:84505174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020102922/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642075/; classtype:trojan-activity;sid:84505175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642073/; classtype:trojan-activity;sid:84505173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20022020082449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642072/; classtype:trojan-activity;sid:84505172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642071/; classtype:trojan-activity;sid:84505171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12032020083345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642070/; classtype:trojan-activity;sid:84505170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642069/; classtype:trojan-activity;sid:84505169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642068/; classtype:trojan-activity;sid:84505168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642067/; classtype:trojan-activity;sid:84505167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642066/; classtype:trojan-activity;sid:84505166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642065/; classtype:trojan-activity;sid:84505165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642064/; classtype:trojan-activity;sid:84505164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642063/; classtype:trojan-activity;sid:84505163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27082019111951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642062/; classtype:trojan-activity;sid:84505162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642061/; classtype:trojan-activity;sid:84505161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20112020075659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642060/; classtype:trojan-activity;sid:84505160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020085842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642059/; classtype:trojan-activity;sid:84505159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642058/; classtype:trojan-activity;sid:84505158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30042020084106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642057/; classtype:trojan-activity;sid:84505157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642056/; classtype:trojan-activity;sid:84505156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642054/; classtype:trojan-activity;sid:84505154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020083435/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642055/; classtype:trojan-activity;sid:84505155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642051/; classtype:trojan-activity;sid:84505151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22072020095449/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642052/; classtype:trojan-activity;sid:84505152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642053/; classtype:trojan-activity;sid:84505153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16092020083639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642050/; classtype:trojan-activity;sid:84505150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07082019095156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642049/; classtype:trojan-activity;sid:84505149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02062020083409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642048/; classtype:trojan-activity;sid:84505148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642046/; classtype:trojan-activity;sid:84505146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642047/; classtype:trojan-activity;sid:84505147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04102019092515/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642045/; classtype:trojan-activity;sid:84505145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642044/; classtype:trojan-activity;sid:84505144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05082020084128/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642042/; classtype:trojan-activity;sid:84505142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020084825/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642041/; classtype:trojan-activity;sid:84505141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642040/; classtype:trojan-activity;sid:84505140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642038/; classtype:trojan-activity;sid:84505138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642037/; classtype:trojan-activity;sid:84505137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09012020082105/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642033/; classtype:trojan-activity;sid:84505133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12062020065326/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642034/; classtype:trojan-activity;sid:84505134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642027/; classtype:trojan-activity;sid:84505127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642026/; classtype:trojan-activity;sid:84505126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642025/; classtype:trojan-activity;sid:84505125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642024/; classtype:trojan-activity;sid:84505124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09092019082602/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642023/; classtype:trojan-activity;sid:84505123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24032020073038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642022/; classtype:trojan-activity;sid:84505122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642021/; classtype:trojan-activity;sid:84505121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642020/; classtype:trojan-activity;sid:84505120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642016/; classtype:trojan-activity;sid:84505116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642017/; classtype:trojan-activity;sid:84505117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642015/; classtype:trojan-activity;sid:84505115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642013/; classtype:trojan-activity;sid:84505113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642012/; classtype:trojan-activity;sid:84505112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642011/; classtype:trojan-activity;sid:84505111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642009/; classtype:trojan-activity;sid:84505109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642008/; classtype:trojan-activity;sid:84505108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642007/; classtype:trojan-activity;sid:84505107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642006/; classtype:trojan-activity;sid:84505106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22112019085154/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642005/; classtype:trojan-activity;sid:84505105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26112019085945/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642004/; classtype:trojan-activity;sid:84505104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642003/; classtype:trojan-activity;sid:84505103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642002/; classtype:trojan-activity;sid:84505102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642001/; classtype:trojan-activity;sid:84505101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11082019114157/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642000/; classtype:trojan-activity;sid:84505100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31082020082340/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641999/; classtype:trojan-activity;sid:84505099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06102019070128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641998/; classtype:trojan-activity;sid:84505098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641997)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/word.pt-br/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641997/; classtype:trojan-activity;sid:84505097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25102019084914/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641996/; classtype:trojan-activity;sid:84505096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641994/; classtype:trojan-activity;sid:84505094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07112019111454/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641995/; classtype:trojan-activity;sid:84505095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641993/; classtype:trojan-activity;sid:84505093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641992/; classtype:trojan-activity;sid:84505092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641991/; classtype:trojan-activity;sid:84505091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641989/; classtype:trojan-activity;sid:84505089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641990/; classtype:trojan-activity;sid:84505090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641988/; classtype:trojan-activity;sid:84505088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641987/; classtype:trojan-activity;sid:84505087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641985/; classtype:trojan-activity;sid:84505085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12032020102935/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641984/; classtype:trojan-activity;sid:84505084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641983/; classtype:trojan-activity;sid:84505083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15082019084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641982/; classtype:trojan-activity;sid:84505082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641981/; classtype:trojan-activity;sid:84505081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641980/; classtype:trojan-activity;sid:84505080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641979/; classtype:trojan-activity;sid:84505079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19082020090554/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641978/; classtype:trojan-activity;sid:84505078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641977/; classtype:trojan-activity;sid:84505077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020114658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641975/; classtype:trojan-activity;sid:84505075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-15/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641976/; classtype:trojan-activity;sid:84505076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020131203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641974/; classtype:trojan-activity;sid:84505074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641973/; classtype:trojan-activity;sid:84505073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641971/; classtype:trojan-activity;sid:84505071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641970/; classtype:trojan-activity;sid:84505070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-22/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641969/; classtype:trojan-activity;sid:84505069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641967/; classtype:trojan-activity;sid:84505067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641966/; classtype:trojan-activity;sid:84505066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019100253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641964/; classtype:trojan-activity;sid:84505064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641965/; classtype:trojan-activity;sid:84505065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22052020090704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641963/; classtype:trojan-activity;sid:84505063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641962/; classtype:trojan-activity;sid:84505062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09062020065325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641961/; classtype:trojan-activity;sid:84505061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641959/; classtype:trojan-activity;sid:84505059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641960/; classtype:trojan-activity;sid:84505060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641958/; classtype:trojan-activity;sid:84505058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641956/; classtype:trojan-activity;sid:84505056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641957/; classtype:trojan-activity;sid:84505057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641955/; classtype:trojan-activity;sid:84505055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23112020082722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641954/; classtype:trojan-activity;sid:84505054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641952/; classtype:trojan-activity;sid:84505052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641953/; classtype:trojan-activity;sid:84505053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641950/; classtype:trojan-activity;sid:84505050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641951/; classtype:trojan-activity;sid:84505051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641949/; classtype:trojan-activity;sid:84505049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641948/; classtype:trojan-activity;sid:84505048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20032020075744/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641947/; classtype:trojan-activity;sid:84505047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019084639/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641946/; classtype:trojan-activity;sid:84505046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641945/; classtype:trojan-activity;sid:84505045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641944/; classtype:trojan-activity;sid:84505044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641943/; classtype:trojan-activity;sid:84505043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22092020082856/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641942/; classtype:trojan-activity;sid:84505042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14032020102525/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641941/; classtype:trojan-activity;sid:84505041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112019085047/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641940/; classtype:trojan-activity;sid:84505040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641939/; classtype:trojan-activity;sid:84505039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641938/; classtype:trojan-activity;sid:84505038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641937/; classtype:trojan-activity;sid:84505037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06082020090723/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641935/; classtype:trojan-activity;sid:84505035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641930/; classtype:trojan-activity;sid:84505030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641929)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_29/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641929/; classtype:trojan-activity;sid:84505029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641928/; classtype:trojan-activity;sid:84505028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641927)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office.pt-br/1046/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641927/; classtype:trojan-activity;sid:84505027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641926/; classtype:trojan-activity;sid:84505026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641925/; classtype:trojan-activity;sid:84505025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641924/; classtype:trojan-activity;sid:84505024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641922/; classtype:trojan-activity;sid:84505022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641923/; classtype:trojan-activity;sid:84505023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641921/; classtype:trojan-activity;sid:84505021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641920/; classtype:trojan-activity;sid:84505020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641919)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641919/; classtype:trojan-activity;sid:84505019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641918/; classtype:trojan-activity;sid:84505018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641917/; classtype:trojan-activity;sid:84505017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641915/; classtype:trojan-activity;sid:84505015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641914/; classtype:trojan-activity;sid:84505014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641912/; classtype:trojan-activity;sid:84505012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27112019090820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641911/; classtype:trojan-activity;sid:84505011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020084438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641909/; classtype:trojan-activity;sid:84505009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641907)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/updates/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641907/; classtype:trojan-activity;sid:84505007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641906/; classtype:trojan-activity;sid:84505006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019131027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641905/; classtype:trojan-activity;sid:84505005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641904/; classtype:trojan-activity;sid:84505004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641903/; classtype:trojan-activity;sid:84505003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641902/; classtype:trojan-activity;sid:84505002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641901/; classtype:trojan-activity;sid:84505001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641900/; classtype:trojan-activity;sid:84505000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641899/; classtype:trojan-activity;sid:84504999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641896/; classtype:trojan-activity;sid:84504996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641894/; classtype:trojan-activity;sid:84504994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641893/; classtype:trojan-activity;sid:84504993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641892/; classtype:trojan-activity;sid:84504992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09032020102512/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641891/; classtype:trojan-activity;sid:84504991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082020083513/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641890/; classtype:trojan-activity;sid:84504990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641889/; classtype:trojan-activity;sid:84504989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641887/; classtype:trojan-activity;sid:84504987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641886/; classtype:trojan-activity;sid:84504986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641885)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proplus.ww/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641885/; classtype:trojan-activity;sid:84504985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11032020083252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641884/; classtype:trojan-activity;sid:84504984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641883/; classtype:trojan-activity;sid:84504983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641882/; classtype:trojan-activity;sid:84504982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641881/; classtype:trojan-activity;sid:84504981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07052020090035/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641880/; classtype:trojan-activity;sid:84504980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641877/; classtype:trojan-activity;sid:84504977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641878/; classtype:trojan-activity;sid:84504978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641876/; classtype:trojan-activity;sid:84504976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641875/; classtype:trojan-activity;sid:84504975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641873)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/onenote.pt-br/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641873/; classtype:trojan-activity;sid:84504973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641874/; classtype:trojan-activity;sid:84504974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641872/; classtype:trojan-activity;sid:84504972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641871/; classtype:trojan-activity;sid:84504971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641870/; classtype:trojan-activity;sid:84504970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020091226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641868/; classtype:trojan-activity;sid:84504968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641866/; classtype:trojan-activity;sid:84504966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641867/; classtype:trojan-activity;sid:84504967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641865/; classtype:trojan-activity;sid:84504965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10032020085405/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641863/; classtype:trojan-activity;sid:84504963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641860)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_36/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641860/; classtype:trojan-activity;sid:84504960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641861/; classtype:trojan-activity;sid:84504961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641859/; classtype:trojan-activity;sid:84504959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641858/; classtype:trojan-activity;sid:84504958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641857/; classtype:trojan-activity;sid:84504957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641856/; classtype:trojan-activity;sid:84504956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641855/; classtype:trojan-activity;sid:84504955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641853/; classtype:trojan-activity;sid:84504953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641852/; classtype:trojan-activity;sid:84504952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641851/; classtype:trojan-activity;sid:84504951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641850/; classtype:trojan-activity;sid:84504950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641849/; classtype:trojan-activity;sid:84504949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14112019083146/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641848/; classtype:trojan-activity;sid:84504948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019101059/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641845/; classtype:trojan-activity;sid:84504945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641834)"; flow:established,from_client; content:"GET"; http_method; content:"/images/art/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641834/; classtype:trojan-activity;sid:84504934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641832/; classtype:trojan-activity;sid:84504932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641831/; classtype:trojan-activity;sid:84504931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641830/; classtype:trojan-activity;sid:84504930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25102019073347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641828/; classtype:trojan-activity;sid:84504928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641829/; classtype:trojan-activity;sid:84504929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641827/; classtype:trojan-activity;sid:84504927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641826/; classtype:trojan-activity;sid:84504926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25062020085902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641825/; classtype:trojan-activity;sid:84504925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641824/; classtype:trojan-activity;sid:84504924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641822/; classtype:trojan-activity;sid:84504922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641823/; classtype:trojan-activity;sid:84504923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641821/; classtype:trojan-activity;sid:84504921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641820/; classtype:trojan-activity;sid:84504920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641818/; classtype:trojan-activity;sid:84504918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641819/; classtype:trojan-activity;sid:84504919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641817/; classtype:trojan-activity;sid:84504917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020083708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641816/; classtype:trojan-activity;sid:84504916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641815/; classtype:trojan-activity;sid:84504915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641814)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641814/; classtype:trojan-activity;sid:84504914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641813/; classtype:trojan-activity;sid:84504913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641812/; classtype:trojan-activity;sid:84504912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641811/; classtype:trojan-activity;sid:84504911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641810/; classtype:trojan-activity;sid:84504910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641809)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/office.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641809/; classtype:trojan-activity;sid:84504909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019085211/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641808/; classtype:trojan-activity;sid:84504908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641807)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_144/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641807/; classtype:trojan-activity;sid:84504907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641804/; classtype:trojan-activity;sid:84504904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641805/; classtype:trojan-activity;sid:84504905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641806/; classtype:trojan-activity;sid:84504906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019084824/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641803/; classtype:trojan-activity;sid:84504903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641802/; classtype:trojan-activity;sid:84504902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641800)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/publisher.pt-br/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641800/; classtype:trojan-activity;sid:84504900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641801/; classtype:trojan-activity;sid:84504901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27022020083333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641799/; classtype:trojan-activity;sid:84504899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19032020073909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641798/; classtype:trojan-activity;sid:84504898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641797/; classtype:trojan-activity;sid:84504897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641796/; classtype:trojan-activity;sid:84504896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641794/; classtype:trojan-activity;sid:84504894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21012020082218/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641793/; classtype:trojan-activity;sid:84504893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641792/; classtype:trojan-activity;sid:84504892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641790/; classtype:trojan-activity;sid:84504890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020095618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641791/; classtype:trojan-activity;sid:84504891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641788/; classtype:trojan-activity;sid:84504888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641789/; classtype:trojan-activity;sid:84504889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641787/; classtype:trojan-activity;sid:84504887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06022020093844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641785/; classtype:trojan-activity;sid:84504885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641786/; classtype:trojan-activity;sid:84504886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641784/; classtype:trojan-activity;sid:84504884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641783/; classtype:trojan-activity;sid:84504883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641782/; classtype:trojan-activity;sid:84504882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641781/; classtype:trojan-activity;sid:84504881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641780/; classtype:trojan-activity;sid:84504880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641779/; classtype:trojan-activity;sid:84504879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17082020083348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641777/; classtype:trojan-activity;sid:84504877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641776/; classtype:trojan-activity;sid:84504876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641775/; classtype:trojan-activity;sid:84504875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641774/; classtype:trojan-activity;sid:84504874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641773/; classtype:trojan-activity;sid:84504873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641772/; classtype:trojan-activity;sid:84504872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641771/; classtype:trojan-activity;sid:84504871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641770/; classtype:trojan-activity;sid:84504870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641769/; classtype:trojan-activity;sid:84504869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17012020091428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641768/; classtype:trojan-activity;sid:84504868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13082019090556/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641767/; classtype:trojan-activity;sid:84504867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019112607/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641766/; classtype:trojan-activity;sid:84504866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020082802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641765/; classtype:trojan-activity;sid:84504865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641764/; classtype:trojan-activity;sid:84504864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641762/; classtype:trojan-activity;sid:84504862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641761/; classtype:trojan-activity;sid:84504861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641760/; classtype:trojan-activity;sid:84504860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641759/; classtype:trojan-activity;sid:84504859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641758/; classtype:trojan-activity;sid:84504858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641757/; classtype:trojan-activity;sid:84504857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05062020082912/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641756/; classtype:trojan-activity;sid:84504856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641755/; classtype:trojan-activity;sid:84504855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641754/; classtype:trojan-activity;sid:84504854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0011/29072020113926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641753/; classtype:trojan-activity;sid:84504853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641752/; classtype:trojan-activity;sid:84504852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641751/; classtype:trojan-activity;sid:84504851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10022020085604/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641750/; classtype:trojan-activity;sid:84504850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641748/; classtype:trojan-activity;sid:84504848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641749/; classtype:trojan-activity;sid:84504849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641746/; classtype:trojan-activity;sid:84504846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020090725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641747/; classtype:trojan-activity;sid:84504847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641745/; classtype:trojan-activity;sid:84504845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05102020084802/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641744/; classtype:trojan-activity;sid:84504844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16122019112226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641742/; classtype:trojan-activity;sid:84504842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641739/; classtype:trojan-activity;sid:84504839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641740/; classtype:trojan-activity;sid:84504840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641736/; classtype:trojan-activity;sid:84504836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641737/; classtype:trojan-activity;sid:84504837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641738/; classtype:trojan-activity;sid:84504838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641734/; classtype:trojan-activity;sid:84504834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16092019083649/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641733/; classtype:trojan-activity;sid:84504833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641732/; classtype:trojan-activity;sid:84504832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641730/; classtype:trojan-activity;sid:84504830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13102020085236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641729/; classtype:trojan-activity;sid:84504829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641728/; classtype:trojan-activity;sid:84504828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02042020085850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641727/; classtype:trojan-activity;sid:84504827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641726/; classtype:trojan-activity;sid:84504826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641711/; classtype:trojan-activity;sid:84504811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14022020075534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641712/; classtype:trojan-activity;sid:84504812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641713/; classtype:trojan-activity;sid:84504813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20042020090107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641714/; classtype:trojan-activity;sid:84504814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/01102020083605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641715/; classtype:trojan-activity;sid:84504815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641716/; classtype:trojan-activity;sid:84504816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641717/; classtype:trojan-activity;sid:84504817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641718/; classtype:trojan-activity;sid:84504818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12112019090951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641719/; classtype:trojan-activity;sid:84504819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641720/; classtype:trojan-activity;sid:84504820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020083823/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641721/; classtype:trojan-activity;sid:84504821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641722/; classtype:trojan-activity;sid:84504822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641723/; classtype:trojan-activity;sid:84504823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14112019082716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641724/; classtype:trojan-activity;sid:84504824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641725/; classtype:trojan-activity;sid:84504825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23012020080014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641709/; classtype:trojan-activity;sid:84504809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641710/; classtype:trojan-activity;sid:84504810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641708/; classtype:trojan-activity;sid:84504808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16112020080645/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641707/; classtype:trojan-activity;sid:84504807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641706)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/themes/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641706/; classtype:trojan-activity;sid:84504806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020083528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641704/; classtype:trojan-activity;sid:84504804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06122019085029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641702/; classtype:trojan-activity;sid:84504802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641703/; classtype:trojan-activity;sid:84504803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641700/; classtype:trojan-activity;sid:84504800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112019090428/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641701/; classtype:trojan-activity;sid:84504801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641699/; classtype:trojan-activity;sid:84504799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31082020083336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641698/; classtype:trojan-activity;sid:84504798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641697/; classtype:trojan-activity;sid:84504797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04082020085104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641696/; classtype:trojan-activity;sid:84504796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641695/; classtype:trojan-activity;sid:84504795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28112019084833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641694/; classtype:trojan-activity;sid:84504794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641693/; classtype:trojan-activity;sid:84504793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24062020085042/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641692/; classtype:trojan-activity;sid:84504792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641690/; classtype:trojan-activity;sid:84504790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09112020084312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641689/; classtype:trojan-activity;sid:84504789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30082019094430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641688/; classtype:trojan-activity;sid:84504788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641684/; classtype:trojan-activity;sid:84504784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641686/; classtype:trojan-activity;sid:84504786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112019090008/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641683/; classtype:trojan-activity;sid:84504783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641680/; classtype:trojan-activity;sid:84504780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641681/; classtype:trojan-activity;sid:84504781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641682/; classtype:trojan-activity;sid:84504782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641678/; classtype:trojan-activity;sid:84504778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641679/; classtype:trojan-activity;sid:84504779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641677/; classtype:trojan-activity;sid:84504777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641676/; classtype:trojan-activity;sid:84504776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641675/; classtype:trojan-activity;sid:84504775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05032020083018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641673/; classtype:trojan-activity;sid:84504773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641674/; classtype:trojan-activity;sid:84504774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641671/; classtype:trojan-activity;sid:84504771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641672/; classtype:trojan-activity;sid:84504772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641670/; classtype:trojan-activity;sid:84504770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641669/; classtype:trojan-activity;sid:84504769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641667/; classtype:trojan-activity;sid:84504767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641666/; classtype:trojan-activity;sid:84504766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14022020101750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641665/; classtype:trojan-activity;sid:84504765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641664/; classtype:trojan-activity;sid:84504764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020093800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641662/; classtype:trojan-activity;sid:84504762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14052020083553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641663/; classtype:trojan-activity;sid:84504763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641661/; classtype:trojan-activity;sid:84504761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641660/; classtype:trojan-activity;sid:84504760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641659/; classtype:trojan-activity;sid:84504759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641658/; classtype:trojan-activity;sid:84504758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641657/; classtype:trojan-activity;sid:84504757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641656/; classtype:trojan-activity;sid:84504756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18112019085624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641654/; classtype:trojan-activity;sid:84504754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27012020084558/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641653/; classtype:trojan-activity;sid:84504753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641652/; classtype:trojan-activity;sid:84504752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641651/; classtype:trojan-activity;sid:84504751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641650)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_69/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641650/; classtype:trojan-activity;sid:84504750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641649/; classtype:trojan-activity;sid:84504749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641643)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_347/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641643/; classtype:trojan-activity;sid:84504743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641642)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_3/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641642/; classtype:trojan-activity;sid:84504742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06112020090241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641635/; classtype:trojan-activity;sid:84504735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641636/; classtype:trojan-activity;sid:84504736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24042020083722/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641634/; classtype:trojan-activity;sid:84504734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641633/; classtype:trojan-activity;sid:84504733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641632/; classtype:trojan-activity;sid:84504732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641629/; classtype:trojan-activity;sid:84504729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641628/; classtype:trojan-activity;sid:84504728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641625/; classtype:trojan-activity;sid:84504725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641626/; classtype:trojan-activity;sid:84504726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020091931/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641627/; classtype:trojan-activity;sid:84504727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641623/; classtype:trojan-activity;sid:84504723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01122019102545/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641621/; classtype:trojan-activity;sid:84504721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06032020084117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641622/; classtype:trojan-activity;sid:84504722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23102020082938/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641620/; classtype:trojan-activity;sid:84504720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641619/; classtype:trojan-activity;sid:84504719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641617/; classtype:trojan-activity;sid:84504717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641618/; classtype:trojan-activity;sid:84504718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/22102020084232/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641616/; classtype:trojan-activity;sid:84504716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641615/; classtype:trojan-activity;sid:84504715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019085719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641614/; classtype:trojan-activity;sid:84504714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641613/; classtype:trojan-activity;sid:84504713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20102020083408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641612/; classtype:trojan-activity;sid:84504712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641611/; classtype:trojan-activity;sid:84504711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641610/; classtype:trojan-activity;sid:84504710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641609/; classtype:trojan-activity;sid:84504709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019104034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641608/; classtype:trojan-activity;sid:84504708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641607/; classtype:trojan-activity;sid:84504707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019131606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641606/; classtype:trojan-activity;sid:84504706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641602/; classtype:trojan-activity;sid:84504702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072812/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641600/; classtype:trojan-activity;sid:84504700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20092019072321/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641598/; classtype:trojan-activity;sid:84504698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020090053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641599/; classtype:trojan-activity;sid:84504699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641596/; classtype:trojan-activity;sid:84504696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641595/; classtype:trojan-activity;sid:84504695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112019084645/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641594/; classtype:trojan-activity;sid:84504694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641593/; classtype:trojan-activity;sid:84504693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019113153/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641591/; classtype:trojan-activity;sid:84504691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641590/; classtype:trojan-activity;sid:84504690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641589/; classtype:trojan-activity;sid:84504689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641588/; classtype:trojan-activity;sid:84504688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641587)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/resources/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641587/; classtype:trojan-activity;sid:84504687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641582/; classtype:trojan-activity;sid:84504682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17082020084115/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641583/; classtype:trojan-activity;sid:84504683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641584/; classtype:trojan-activity;sid:84504684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17082019083733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641585/; classtype:trojan-activity;sid:84504685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641586/; classtype:trojan-activity;sid:84504686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641581/; classtype:trojan-activity;sid:84504681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27112019091721/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641580/; classtype:trojan-activity;sid:84504680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641579/; classtype:trojan-activity;sid:84504679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641578/; classtype:trojan-activity;sid:84504678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641576/; classtype:trojan-activity;sid:84504676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11022020085457/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641577/; classtype:trojan-activity;sid:84504677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641575/; classtype:trojan-activity;sid:84504675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641574/; classtype:trojan-activity;sid:84504674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-19/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641573/; classtype:trojan-activity;sid:84504673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641572/; classtype:trojan-activity;sid:84504672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641569/; classtype:trojan-activity;sid:84504669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641568/; classtype:trojan-activity;sid:84504668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641566/; classtype:trojan-activity;sid:84504666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641565/; classtype:trojan-activity;sid:84504665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641563/; classtype:trojan-activity;sid:84504663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13052020090138/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641564/; classtype:trojan-activity;sid:84504664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641562/; classtype:trojan-activity;sid:84504662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641561/; classtype:trojan-activity;sid:84504661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641560/; classtype:trojan-activity;sid:84504660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10032020084152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641559/; classtype:trojan-activity;sid:84504659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020081632/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641558/; classtype:trojan-activity;sid:84504658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641557/; classtype:trojan-activity;sid:84504657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641556/; classtype:trojan-activity;sid:84504656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641555/; classtype:trojan-activity;sid:84504655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641554/; classtype:trojan-activity;sid:84504654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641553/; classtype:trojan-activity;sid:84504653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641551/; classtype:trojan-activity;sid:84504651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17102019085236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641552/; classtype:trojan-activity;sid:84504652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641550/; classtype:trojan-activity;sid:84504650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641549/; classtype:trojan-activity;sid:84504649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23042020084528/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641548/; classtype:trojan-activity;sid:84504648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641547/; classtype:trojan-activity;sid:84504647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641546/; classtype:trojan-activity;sid:84504646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/01092020082447/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641545/; classtype:trojan-activity;sid:84504645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08062020064956/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641544/; classtype:trojan-activity;sid:84504644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641542/; classtype:trojan-activity;sid:84504642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641541/; classtype:trojan-activity;sid:84504641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020074518/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641540/; classtype:trojan-activity;sid:84504640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019085806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641536/; classtype:trojan-activity;sid:84504636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641537/; classtype:trojan-activity;sid:84504637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17062020070325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641538/; classtype:trojan-activity;sid:84504638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641539/; classtype:trojan-activity;sid:84504639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641533/; classtype:trojan-activity;sid:84504633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641534)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_92/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641534/; classtype:trojan-activity;sid:84504634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019094548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641532/; classtype:trojan-activity;sid:84504632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641530/; classtype:trojan-activity;sid:84504630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641531/; classtype:trojan-activity;sid:84504631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641529/; classtype:trojan-activity;sid:84504629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641528/; classtype:trojan-activity;sid:84504628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641527)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_19/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641527/; classtype:trojan-activity;sid:84504627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641526/; classtype:trojan-activity;sid:84504626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641525)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_0/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641525/; classtype:trojan-activity;sid:84504625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019140630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641523/; classtype:trojan-activity;sid:84504623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641524/; classtype:trojan-activity;sid:84504624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22112019085600/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641522/; classtype:trojan-activity;sid:84504622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641520/; classtype:trojan-activity;sid:84504620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641519/; classtype:trojan-activity;sid:84504619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641518/; classtype:trojan-activity;sid:84504618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641517/; classtype:trojan-activity;sid:84504617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641516/; classtype:trojan-activity;sid:84504616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641515/; classtype:trojan-activity;sid:84504615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019083450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641513/; classtype:trojan-activity;sid:84504613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641512/; classtype:trojan-activity;sid:84504612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641511)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_17/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641511/; classtype:trojan-activity;sid:84504611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019152504/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641510/; classtype:trojan-activity;sid:84504610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641509/; classtype:trojan-activity;sid:84504609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641508/; classtype:trojan-activity;sid:84504608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641507/; classtype:trojan-activity;sid:84504607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641506/; classtype:trojan-activity;sid:84504606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06052020085414/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641505/; classtype:trojan-activity;sid:84504605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019110411/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641504/; classtype:trojan-activity;sid:84504604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641501)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_191/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641501/; classtype:trojan-activity;sid:84504601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641499)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.pt-br/info.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641499/; classtype:trojan-activity;sid:84504599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641498/; classtype:trojan-activity;sid:84504598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641496/; classtype:trojan-activity;sid:84504596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019094240/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641495/; classtype:trojan-activity;sid:84504595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641494/; classtype:trojan-activity;sid:84504594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641493/; classtype:trojan-activity;sid:84504593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641491/; classtype:trojan-activity;sid:84504591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641492/; classtype:trojan-activity;sid:84504592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641490/; classtype:trojan-activity;sid:84504590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641489/; classtype:trojan-activity;sid:84504589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641488/; classtype:trojan-activity;sid:84504588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641486/; classtype:trojan-activity;sid:84504586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05112020085432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641484/; classtype:trojan-activity;sid:84504584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19102020082918/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641485/; classtype:trojan-activity;sid:84504585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641482/; classtype:trojan-activity;sid:84504582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13082020083033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641480/; classtype:trojan-activity;sid:84504580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641481/; classtype:trojan-activity;sid:84504581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641479/; classtype:trojan-activity;sid:84504579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641478/; classtype:trojan-activity;sid:84504578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641475)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/idi/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641475/; classtype:trojan-activity;sid:84504575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641476/; classtype:trojan-activity;sid:84504576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641474/; classtype:trojan-activity;sid:84504574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641473/; classtype:trojan-activity;sid:84504573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10102019112808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641472/; classtype:trojan-activity;sid:84504572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641471/; classtype:trojan-activity;sid:84504571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10112020091952/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641470/; classtype:trojan-activity;sid:84504570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641469/; classtype:trojan-activity;sid:84504569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641467/; classtype:trojan-activity;sid:84504567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020073013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641468/; classtype:trojan-activity;sid:84504568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641465/; classtype:trojan-activity;sid:84504565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641466/; classtype:trojan-activity;sid:84504566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641464/; classtype:trojan-activity;sid:84504564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641463/; classtype:trojan-activity;sid:84504563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020114247/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641462/; classtype:trojan-activity;sid:84504562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15052020095253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641461/; classtype:trojan-activity;sid:84504561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28012020091001/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641460/; classtype:trojan-activity;sid:84504560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641459)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.es/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641459/; classtype:trojan-activity;sid:84504559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641458/; classtype:trojan-activity;sid:84504558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641457/; classtype:trojan-activity;sid:84504557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641456/; classtype:trojan-activity;sid:84504556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641455/; classtype:trojan-activity;sid:84504555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641454/; classtype:trojan-activity;sid:84504554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641453/; classtype:trojan-activity;sid:84504553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020112701/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641450/; classtype:trojan-activity;sid:84504550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020095258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641451/; classtype:trojan-activity;sid:84504551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641449)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641449/; classtype:trojan-activity;sid:84504549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641448/; classtype:trojan-activity;sid:84504548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10022020071241/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641447/; classtype:trojan-activity;sid:84504547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25022020080706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641445/; classtype:trojan-activity;sid:84504545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641446/; classtype:trojan-activity;sid:84504546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641443/; classtype:trojan-activity;sid:84504543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641442/; classtype:trojan-activity;sid:84504542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641441/; classtype:trojan-activity;sid:84504541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641440/; classtype:trojan-activity;sid:84504540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641438/; classtype:trojan-activity;sid:84504538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641437/; classtype:trojan-activity;sid:84504537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641436/; classtype:trojan-activity;sid:84504536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641433/; classtype:trojan-activity;sid:84504533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11102019090058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641434/; classtype:trojan-activity;sid:84504534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641435/; classtype:trojan-activity;sid:84504535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24062020085549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641432/; classtype:trojan-activity;sid:84504532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641428/; classtype:trojan-activity;sid:84504528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18052020084343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641426/; classtype:trojan-activity;sid:84504526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13102020085232/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641427/; classtype:trojan-activity;sid:84504527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641424/; classtype:trojan-activity;sid:84504524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641423/; classtype:trojan-activity;sid:84504523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641421/; classtype:trojan-activity;sid:84504521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641422/; classtype:trojan-activity;sid:84504522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641419)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/rosebud.pt-br/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641419/; classtype:trojan-activity;sid:84504519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102019082543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641420/; classtype:trojan-activity;sid:84504520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641418/; classtype:trojan-activity;sid:84504518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019102818/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641417/; classtype:trojan-activity;sid:84504517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641416/; classtype:trojan-activity;sid:84504516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641413/; classtype:trojan-activity;sid:84504513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641414/; classtype:trojan-activity;sid:84504514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641415/; classtype:trojan-activity;sid:84504515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641411/; classtype:trojan-activity;sid:84504511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641410/; classtype:trojan-activity;sid:84504510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641409/; classtype:trojan-activity;sid:84504509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02122019130901/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641408/; classtype:trojan-activity;sid:84504508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020090209/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641404/; classtype:trojan-activity;sid:84504504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641401/; classtype:trojan-activity;sid:84504501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641396/; classtype:trojan-activity;sid:84504496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02102019104453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641395/; classtype:trojan-activity;sid:84504495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641394/; classtype:trojan-activity;sid:84504494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14022020103240/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641393/; classtype:trojan-activity;sid:84504493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04122019080359/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641392/; classtype:trojan-activity;sid:84504492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019082258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641390/; classtype:trojan-activity;sid:84504490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17092020090857/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641389/; classtype:trojan-activity;sid:84504489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641388/; classtype:trojan-activity;sid:84504488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17032020103439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641387/; classtype:trojan-activity;sid:84504487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641386/; classtype:trojan-activity;sid:84504486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03032020095833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641385/; classtype:trojan-activity;sid:84504485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641383/; classtype:trojan-activity;sid:84504483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10012020083037/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641382/; classtype:trojan-activity;sid:84504482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16012020082754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641381/; classtype:trojan-activity;sid:84504481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641380/; classtype:trojan-activity;sid:84504480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641379/; classtype:trojan-activity;sid:84504479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641376/; classtype:trojan-activity;sid:84504476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641374/; classtype:trojan-activity;sid:84504474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641372/; classtype:trojan-activity;sid:84504472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641373/; classtype:trojan-activity;sid:84504473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641371/; classtype:trojan-activity;sid:84504471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641370/; classtype:trojan-activity;sid:84504470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641368/; classtype:trojan-activity;sid:84504468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23102019085610/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641369/; classtype:trojan-activity;sid:84504469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641366/; classtype:trojan-activity;sid:84504466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641365/; classtype:trojan-activity;sid:84504465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641362/; classtype:trojan-activity;sid:84504462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641363)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_16/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641363/; classtype:trojan-activity;sid:84504463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06022020082635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641364/; classtype:trojan-activity;sid:84504464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019095431/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641360/; classtype:trojan-activity;sid:84504460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641361/; classtype:trojan-activity;sid:84504461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641358/; classtype:trojan-activity;sid:84504458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641359/; classtype:trojan-activity;sid:84504459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641357/; classtype:trojan-activity;sid:84504457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641356/; classtype:trojan-activity;sid:84504456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020075146/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641353/; classtype:trojan-activity;sid:84504453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641354/; classtype:trojan-activity;sid:84504454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641355/; classtype:trojan-activity;sid:84504455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641352/; classtype:trojan-activity;sid:84504452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020101213/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641351/; classtype:trojan-activity;sid:84504451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641350/; classtype:trojan-activity;sid:84504450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03012020082328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641349/; classtype:trojan-activity;sid:84504449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641348/; classtype:trojan-activity;sid:84504448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019124813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641347/; classtype:trojan-activity;sid:84504447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641346/; classtype:trojan-activity;sid:84504446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641345/; classtype:trojan-activity;sid:84504445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641344/; classtype:trojan-activity;sid:84504444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019071306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641343/; classtype:trojan-activity;sid:84504443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641342/; classtype:trojan-activity;sid:84504442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07022020083601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641341/; classtype:trojan-activity;sid:84504441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09082019095803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641340/; classtype:trojan-activity;sid:84504440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641338/; classtype:trojan-activity;sid:84504438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641337/; classtype:trojan-activity;sid:84504437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641336)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_57/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641336/; classtype:trojan-activity;sid:84504436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13102020082733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641335/; classtype:trojan-activity;sid:84504435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641329)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_26/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641329/; classtype:trojan-activity;sid:84504429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641321)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_65/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641321/; classtype:trojan-activity;sid:84504421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10092020084119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641320/; classtype:trojan-activity;sid:84504420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641319/; classtype:trojan-activity;sid:84504419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641318/; classtype:trojan-activity;sid:84504418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641317)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/platform/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641317/; classtype:trojan-activity;sid:84504417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641316/; classtype:trojan-activity;sid:84504416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29012020102806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641315/; classtype:trojan-activity;sid:84504415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641314/; classtype:trojan-activity;sid:84504414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641313/; classtype:trojan-activity;sid:84504413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641312/; classtype:trojan-activity;sid:84504412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641311/; classtype:trojan-activity;sid:84504411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641310/; classtype:trojan-activity;sid:84504410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641309/; classtype:trojan-activity;sid:84504409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641308/; classtype:trojan-activity;sid:84504408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641307/; classtype:trojan-activity;sid:84504407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641305/; classtype:trojan-activity;sid:84504405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641303/; classtype:trojan-activity;sid:84504403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641304/; classtype:trojan-activity;sid:84504404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641302/; classtype:trojan-activity;sid:84504402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641301/; classtype:trojan-activity;sid:84504401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641300/; classtype:trojan-activity;sid:84504400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641299)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/excel.pt-br/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641299/; classtype:trojan-activity;sid:84504399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641298/; classtype:trojan-activity;sid:84504398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641297/; classtype:trojan-activity;sid:84504397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641296/; classtype:trojan-activity;sid:84504396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641295/; classtype:trojan-activity;sid:84504395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641294/; classtype:trojan-activity;sid:84504394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641293/; classtype:trojan-activity;sid:84504393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641292/; classtype:trojan-activity;sid:84504392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11092020084859/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641291/; classtype:trojan-activity;sid:84504391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641290/; classtype:trojan-activity;sid:84504390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641289/; classtype:trojan-activity;sid:84504389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641288/; classtype:trojan-activity;sid:84504388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641287/; classtype:trojan-activity;sid:84504387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16102019085056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641286/; classtype:trojan-activity;sid:84504386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641285/; classtype:trojan-activity;sid:84504385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/18092020084624/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641284/; classtype:trojan-activity;sid:84504384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641283/; classtype:trojan-activity;sid:84504383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27122019091404/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641282/; classtype:trojan-activity;sid:84504382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641281/; classtype:trojan-activity;sid:84504381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21052020140329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641280/; classtype:trojan-activity;sid:84504380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641279/; classtype:trojan-activity;sid:84504379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641277)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_51/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641277/; classtype:trojan-activity;sid:84504377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020103100/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641278/; classtype:trojan-activity;sid:84504378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019085251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641276/; classtype:trojan-activity;sid:84504376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641275/; classtype:trojan-activity;sid:84504375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641274/; classtype:trojan-activity;sid:84504374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27012020083530/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641273/; classtype:trojan-activity;sid:84504373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641272/; classtype:trojan-activity;sid:84504372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641271/; classtype:trojan-activity;sid:84504371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641270/; classtype:trojan-activity;sid:84504370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16122019125537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641269/; classtype:trojan-activity;sid:84504369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019094948/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641268/; classtype:trojan-activity;sid:84504368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641267/; classtype:trojan-activity;sid:84504367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28012020083516/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641266/; classtype:trojan-activity;sid:84504366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641264)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_70/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641264/; classtype:trojan-activity;sid:84504364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641263)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_202/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641263/; classtype:trojan-activity;sid:84504363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05052020085418/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641260/; classtype:trojan-activity;sid:84504360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641259/; classtype:trojan-activity;sid:84504359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641258/; classtype:trojan-activity;sid:84504358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641257)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/resources/xd/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641257/; classtype:trojan-activity;sid:84504357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641255/; classtype:trojan-activity;sid:84504355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/15102020085336/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641256/; classtype:trojan-activity;sid:84504356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05032020100126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641254/; classtype:trojan-activity;sid:84504354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641253/; classtype:trojan-activity;sid:84504353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641252/; classtype:trojan-activity;sid:84504352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641251/; classtype:trojan-activity;sid:84504351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641250/; classtype:trojan-activity;sid:84504350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641249/; classtype:trojan-activity;sid:84504349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641248/; classtype:trojan-activity;sid:84504348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641247/; classtype:trojan-activity;sid:84504347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641245/; classtype:trojan-activity;sid:84504345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17082020135018/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641243/; classtype:trojan-activity;sid:84504343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641242/; classtype:trojan-activity;sid:84504342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641241/; classtype:trojan-activity;sid:84504341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641240/; classtype:trojan-activity;sid:84504340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641239/; classtype:trojan-activity;sid:84504339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641238)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_6/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641238/; classtype:trojan-activity;sid:84504338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641237/; classtype:trojan-activity;sid:84504337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641236/; classtype:trojan-activity;sid:84504336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641234)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_158/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641234/; classtype:trojan-activity;sid:84504334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641233/; classtype:trojan-activity;sid:84504333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641232/; classtype:trojan-activity;sid:84504332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641231/; classtype:trojan-activity;sid:84504331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16102019085534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641230/; classtype:trojan-activity;sid:84504330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019084942/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641228/; classtype:trojan-activity;sid:84504328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641229/; classtype:trojan-activity;sid:84504329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641227/; classtype:trojan-activity;sid:84504327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641226/; classtype:trojan-activity;sid:84504326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30102020083443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641225/; classtype:trojan-activity;sid:84504325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17122019085328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641224/; classtype:trojan-activity;sid:84504324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641223/; classtype:trojan-activity;sid:84504323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641222/; classtype:trojan-activity;sid:84504322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641221/; classtype:trojan-activity;sid:84504321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13032020094005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641220/; classtype:trojan-activity;sid:84504320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641217/; classtype:trojan-activity;sid:84504317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641218/; classtype:trojan-activity;sid:84504318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641216/; classtype:trojan-activity;sid:84504316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641215/; classtype:trojan-activity;sid:84504315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641214/; classtype:trojan-activity;sid:84504314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-05/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641212/; classtype:trojan-activity;sid:84504312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641213/; classtype:trojan-activity;sid:84504313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17092019100749/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641211/; classtype:trojan-activity;sid:84504311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641210/; classtype:trojan-activity;sid:84504310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020090347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641209/; classtype:trojan-activity;sid:84504309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01062020143051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641208/; classtype:trojan-activity;sid:84504308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641207/; classtype:trojan-activity;sid:84504307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641206/; classtype:trojan-activity;sid:84504306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641205/; classtype:trojan-activity;sid:84504305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641204/; classtype:trojan-activity;sid:84504304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10122019082613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641203/; classtype:trojan-activity;sid:84504303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020074750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641201/; classtype:trojan-activity;sid:84504301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22062020065913/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641200/; classtype:trojan-activity;sid:84504300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019074553/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641198/; classtype:trojan-activity;sid:84504298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641197)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641197/; classtype:trojan-activity;sid:84504297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17122019103312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641196/; classtype:trojan-activity;sid:84504296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641194/; classtype:trojan-activity;sid:84504294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11012020064251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641189/; classtype:trojan-activity;sid:84504289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641184/; classtype:trojan-activity;sid:84504284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641181)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_22/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641181/; classtype:trojan-activity;sid:84504281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641176)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_9/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641176/; classtype:trojan-activity;sid:84504276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641171)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_2/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641171/; classtype:trojan-activity;sid:84504271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.141.98.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641151/; classtype:trojan-activity;sid:84504251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641104)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_277/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641104/; classtype:trojan-activity;sid:84504204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23012020075108/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641103/; classtype:trojan-activity;sid:84504203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019110621/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641102/; classtype:trojan-activity;sid:84504202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17102019084754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641101/; classtype:trojan-activity;sid:84504201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28012020083943/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641100/; classtype:trojan-activity;sid:84504200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06032020084029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641099/; classtype:trojan-activity;sid:84504199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28082020083739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641098/; classtype:trojan-activity;sid:84504198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04102019085348/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641097/; classtype:trojan-activity;sid:84504197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641096/; classtype:trojan-activity;sid:84504196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641095)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_122/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641095/; classtype:trojan-activity;sid:84504195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19032020072054/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641094/; classtype:trojan-activity;sid:84504194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641093/; classtype:trojan-activity;sid:84504193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641092/; classtype:trojan-activity;sid:84504192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30092019112857/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641091/; classtype:trojan-activity;sid:84504191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28082019084303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641090/; classtype:trojan-activity;sid:84504190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28042020090051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641089/; classtype:trojan-activity;sid:84504189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641088/; classtype:trojan-activity;sid:84504188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23032020073531/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641087/; classtype:trojan-activity;sid:84504187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020074832/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641086/; classtype:trojan-activity;sid:84504186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19052020093708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641085/; classtype:trojan-activity;sid:84504185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641084/; classtype:trojan-activity;sid:84504184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641083/; classtype:trojan-activity;sid:84504183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641082/; classtype:trojan-activity;sid:84504182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09102020084808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641080/; classtype:trojan-activity;sid:84504180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641081/; classtype:trojan-activity;sid:84504181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641079/; classtype:trojan-activity;sid:84504179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07112019081511/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641078/; classtype:trojan-activity;sid:84504178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641076/; classtype:trojan-activity;sid:84504176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641077/; classtype:trojan-activity;sid:84504177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641075/; classtype:trojan-activity;sid:84504175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641074)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_232/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641074/; classtype:trojan-activity;sid:84504174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26122019084135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641072/; classtype:trojan-activity;sid:84504172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641071/; classtype:trojan-activity;sid:84504171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641070/; classtype:trojan-activity;sid:84504170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020074750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641069/; classtype:trojan-activity;sid:84504169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12112019085204/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641068/; classtype:trojan-activity;sid:84504168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020135409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641067/; classtype:trojan-activity;sid:84504167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641065/; classtype:trojan-activity;sid:84504165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641066/; classtype:trojan-activity;sid:84504166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641064/; classtype:trojan-activity;sid:84504164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641063/; classtype:trojan-activity;sid:84504163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13012020084740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641061/; classtype:trojan-activity;sid:84504161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641060/; classtype:trojan-activity;sid:84504160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641059/; classtype:trojan-activity;sid:84504159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641057)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_90/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641057/; classtype:trojan-activity;sid:84504157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641050)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_352/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641050/; classtype:trojan-activity;sid:84504150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03072020090848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641046/; classtype:trojan-activity;sid:84504146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05022020083618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641045/; classtype:trojan-activity;sid:84504145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641044/; classtype:trojan-activity;sid:84504144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23062020070239/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641043/; classtype:trojan-activity;sid:84504143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019095448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641042/; classtype:trojan-activity;sid:84504142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641041/; classtype:trojan-activity;sid:84504141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641040/; classtype:trojan-activity;sid:84504140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641039/; classtype:trojan-activity;sid:84504139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641038/; classtype:trojan-activity;sid:84504138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641037/; classtype:trojan-activity;sid:84504137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641036/; classtype:trojan-activity;sid:84504136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641035/; classtype:trojan-activity;sid:84504135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29072020113918/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641034/; classtype:trojan-activity;sid:84504134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641033/; classtype:trojan-activity;sid:84504133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641032/; classtype:trojan-activity;sid:84504132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019084356/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641031/; classtype:trojan-activity;sid:84504131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641030/; classtype:trojan-activity;sid:84504130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641029)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/access.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641029/; classtype:trojan-activity;sid:84504129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-01-06/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641028/; classtype:trojan-activity;sid:84504128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641027/; classtype:trojan-activity;sid:84504127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641026/; classtype:trojan-activity;sid:84504126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641025/; classtype:trojan-activity;sid:84504125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641024/; classtype:trojan-activity;sid:84504124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641022/; classtype:trojan-activity;sid:84504122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641023/; classtype:trojan-activity;sid:84504123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641021/; classtype:trojan-activity;sid:84504121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641020/; classtype:trojan-activity;sid:84504120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641019/; classtype:trojan-activity;sid:84504119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641018/; classtype:trojan-activity;sid:84504118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641017/; classtype:trojan-activity;sid:84504117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020140950/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641016/; classtype:trojan-activity;sid:84504116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641015/; classtype:trojan-activity;sid:84504115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641014/; classtype:trojan-activity;sid:84504114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18022020084223/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641013/; classtype:trojan-activity;sid:84504113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13112019082710/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641012/; classtype:trojan-activity;sid:84504112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641011/; classtype:trojan-activity;sid:84504111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12122019081809/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641010/; classtype:trojan-activity;sid:84504110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641009/; classtype:trojan-activity;sid:84504109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641008/; classtype:trojan-activity;sid:84504108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641007/; classtype:trojan-activity;sid:84504107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14032020082323/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641006/; classtype:trojan-activity;sid:84504106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641005/; classtype:trojan-activity;sid:84504105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019084447/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641004/; classtype:trojan-activity;sid:84504104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641003/; classtype:trojan-activity;sid:84504103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019103329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641002/; classtype:trojan-activity;sid:84504102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020080803/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641001/; classtype:trojan-activity;sid:84504101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641000/; classtype:trojan-activity;sid:84504100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640999/; classtype:trojan-activity;sid:84504099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112019095135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640998/; classtype:trojan-activity;sid:84504098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640997)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_291/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640997/; classtype:trojan-activity;sid:84504097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083147/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640996/; classtype:trojan-activity;sid:84504096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15062020064910/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640995/; classtype:trojan-activity;sid:84504095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640994/; classtype:trojan-activity;sid:84504094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640993/; classtype:trojan-activity;sid:84504093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640992/; classtype:trojan-activity;sid:84504092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24042020083338/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640991/; classtype:trojan-activity;sid:84504091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25052020083123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640990/; classtype:trojan-activity;sid:84504090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640989/; classtype:trojan-activity;sid:84504089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640987/; classtype:trojan-activity;sid:84504087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640988/; classtype:trojan-activity;sid:84504088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11022020084204/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640986/; classtype:trojan-activity;sid:84504086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640985/; classtype:trojan-activity;sid:84504085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640984/; classtype:trojan-activity;sid:84504084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17072020085917/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640983/; classtype:trojan-activity;sid:84504083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640982/; classtype:trojan-activity;sid:84504082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112020083133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640981/; classtype:trojan-activity;sid:84504081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640980/; classtype:trojan-activity;sid:84504080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019084834/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640979/; classtype:trojan-activity;sid:84504079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640978/; classtype:trojan-activity;sid:84504078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19012020070904/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640977/; classtype:trojan-activity;sid:84504077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640976/; classtype:trojan-activity;sid:84504076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11122019084756/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640975/; classtype:trojan-activity;sid:84504075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640974/; classtype:trojan-activity;sid:84504074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640972/; classtype:trojan-activity;sid:84504072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640973/; classtype:trojan-activity;sid:84504073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-09/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640971/; classtype:trojan-activity;sid:84504071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640970/; classtype:trojan-activity;sid:84504070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640969/; classtype:trojan-activity;sid:84504069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640968/; classtype:trojan-activity;sid:84504068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640967/; classtype:trojan-activity;sid:84504067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640966/; classtype:trojan-activity;sid:84504066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-03/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640963/; classtype:trojan-activity;sid:84504063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02092019101733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640964/; classtype:trojan-activity;sid:84504064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640965/; classtype:trojan-activity;sid:84504065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640962/; classtype:trojan-activity;sid:84504062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18122019073940/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640961/; classtype:trojan-activity;sid:84504061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07022020094430/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640960/; classtype:trojan-activity;sid:84504060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18062020070541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640959/; classtype:trojan-activity;sid:84504059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640958/; classtype:trojan-activity;sid:84504058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640956/; classtype:trojan-activity;sid:84504056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21082020084357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640955/; classtype:trojan-activity;sid:84504055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640953/; classtype:trojan-activity;sid:84504053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640954/; classtype:trojan-activity;sid:84504054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640952/; classtype:trojan-activity;sid:84504052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26092019112650/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640951/; classtype:trojan-activity;sid:84504051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12112019085613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640950/; classtype:trojan-activity;sid:84504050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640949/; classtype:trojan-activity;sid:84504049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640948/; classtype:trojan-activity;sid:84504048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640947/; classtype:trojan-activity;sid:84504047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640946/; classtype:trojan-activity;sid:84504046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-08-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640945/; classtype:trojan-activity;sid:84504045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640944/; classtype:trojan-activity;sid:84504044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640943/; classtype:trojan-activity;sid:84504043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640942/; classtype:trojan-activity;sid:84504042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640941)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/proof.en/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640941/; classtype:trojan-activity;sid:84504041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25032020083745/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640940/; classtype:trojan-activity;sid:84504040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640938)"; flow:established,from_client; content:"GET"; http_method; content:"/gipexrelease/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640938/; classtype:trojan-activity;sid:84504038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17022020100642/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640937/; classtype:trojan-activity;sid:84504037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27072020084403/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640935/; classtype:trojan-activity;sid:84504035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640936/; classtype:trojan-activity;sid:84504036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640934/; classtype:trojan-activity;sid:84504034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640933/; classtype:trojan-activity;sid:84504033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640932/; classtype:trojan-activity;sid:84504032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640931/; classtype:trojan-activity;sid:84504031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640930/; classtype:trojan-activity;sid:84504030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24012020134137/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640929/; classtype:trojan-activity;sid:84504029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640928/; classtype:trojan-activity;sid:84504028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640927/; classtype:trojan-activity;sid:84504027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640926)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_21/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640926/; classtype:trojan-activity;sid:84504026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640925)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/groove.pt-br/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640925/; classtype:trojan-activity;sid:84504025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640924)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_5/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640924/; classtype:trojan-activity;sid:84504024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640923/; classtype:trojan-activity;sid:84504023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640922/; classtype:trojan-activity;sid:84504022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24012020073045/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640921/; classtype:trojan-activity;sid:84504021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019085456/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640920/; classtype:trojan-activity;sid:84504020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640918/; classtype:trojan-activity;sid:84504018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/04305539000100/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640919/; classtype:trojan-activity;sid:84504019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075445/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640917/; classtype:trojan-activity;sid:84504017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640916/; classtype:trojan-activity;sid:84504016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640915/; classtype:trojan-activity;sid:84504015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640914/; classtype:trojan-activity;sid:84504014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640913/; classtype:trojan-activity;sid:84504013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640912/; classtype:trojan-activity;sid:84504012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640911/; classtype:trojan-activity;sid:84504011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16102020084306/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640910/; classtype:trojan-activity;sid:84504010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640909/; classtype:trojan-activity;sid:84504009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640908/; classtype:trojan-activity;sid:84504008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23032020113135/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640907/; classtype:trojan-activity;sid:84504007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640906/; classtype:trojan-activity;sid:84504006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10102019130442/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640905/; classtype:trojan-activity;sid:84504005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07082020084256/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640904/; classtype:trojan-activity;sid:84504004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640903/; classtype:trojan-activity;sid:84504003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13122019135841/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640902/; classtype:trojan-activity;sid:84504002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24082020084635/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640901/; classtype:trojan-activity;sid:84504001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640900/; classtype:trojan-activity;sid:84504000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640899/; classtype:trojan-activity;sid:84503999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07072020085014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640898/; classtype:trojan-activity;sid:84503998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03082020084058/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640897/; classtype:trojan-activity;sid:84503997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640896/; classtype:trojan-activity;sid:84503996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12082019113527/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640895/; classtype:trojan-activity;sid:84503995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020081034/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640894/; classtype:trojan-activity;sid:84503994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640893/; classtype:trojan-activity;sid:84503993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640892/; classtype:trojan-activity;sid:84503992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020075546/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640891/; classtype:trojan-activity;sid:84503991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020130008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640887/; classtype:trojan-activity;sid:84503987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13122019084859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640888/; classtype:trojan-activity;sid:84503988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640889)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640889/; classtype:trojan-activity;sid:84503989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26112020085922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640890/; classtype:trojan-activity;sid:84503990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640885/; classtype:trojan-activity;sid:84503985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640886/; classtype:trojan-activity;sid:84503986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640884/; classtype:trojan-activity;sid:84503984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640883/; classtype:trojan-activity;sid:84503983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09012020081123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640882/; classtype:trojan-activity;sid:84503982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640881/; classtype:trojan-activity;sid:84503981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31102019085119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640880/; classtype:trojan-activity;sid:84503980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640879/; classtype:trojan-activity;sid:84503979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640878/; classtype:trojan-activity;sid:84503978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640877/; classtype:trojan-activity;sid:84503977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640876/; classtype:trojan-activity;sid:84503976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640875/; classtype:trojan-activity;sid:84503975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020132906/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640874/; classtype:trojan-activity;sid:84503974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640873/; classtype:trojan-activity;sid:84503973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/23092020092747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640872/; classtype:trojan-activity;sid:84503972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640871/; classtype:trojan-activity;sid:84503971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640870/; classtype:trojan-activity;sid:84503970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640869)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/usr/usr_1/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640869/; classtype:trojan-activity;sid:84503969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23102020082933/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640868/; classtype:trojan-activity;sid:84503968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640867/; classtype:trojan-activity;sid:84503967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640866/; classtype:trojan-activity;sid:84503966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020085635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640865/; classtype:trojan-activity;sid:84503965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640864/; classtype:trojan-activity;sid:84503964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640863/; classtype:trojan-activity;sid:84503963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640862/; classtype:trojan-activity;sid:84503962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640861)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/proofing.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640861/; classtype:trojan-activity;sid:84503961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640860/; classtype:trojan-activity;sid:84503960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640859/; classtype:trojan-activity;sid:84503959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-03-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640858/; classtype:trojan-activity;sid:84503958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019110735/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640857/; classtype:trojan-activity;sid:84503957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17022020085751/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640856/; classtype:trojan-activity;sid:84503956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13022020101421/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640855/; classtype:trojan-activity;sid:84503955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640854/; classtype:trojan-activity;sid:84503954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640853)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_349/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640853/; classtype:trojan-activity;sid:84503953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-09-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640852/; classtype:trojan-activity;sid:84503952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640851/; classtype:trojan-activity;sid:84503951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640850/; classtype:trojan-activity;sid:84503950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03112020080207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640849/; classtype:trojan-activity;sid:84503949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640848/; classtype:trojan-activity;sid:84503948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20082020102716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640847/; classtype:trojan-activity;sid:84503947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640846/; classtype:trojan-activity;sid:84503946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-15/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640845/; classtype:trojan-activity;sid:84503945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640844/; classtype:trojan-activity;sid:84503944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05122019085417/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640843/; classtype:trojan-activity;sid:84503943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640842/; classtype:trojan-activity;sid:84503942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640841/; classtype:trojan-activity;sid:84503941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/20072020090228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640840/; classtype:trojan-activity;sid:84503940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640839/; classtype:trojan-activity;sid:84503939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640838/; classtype:trojan-activity;sid:84503938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19092019085117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640837/; classtype:trojan-activity;sid:84503937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640836/; classtype:trojan-activity;sid:84503936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640834/; classtype:trojan-activity;sid:84503934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020102056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640835/; classtype:trojan-activity;sid:84503935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640833/; classtype:trojan-activity;sid:84503933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640832)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_15/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640832/; classtype:trojan-activity;sid:84503932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640831/; classtype:trojan-activity;sid:84503931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25092019111750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640830/; classtype:trojan-activity;sid:84503930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640829)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_71/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640829/; classtype:trojan-activity;sid:84503929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13112019081923/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640828/; classtype:trojan-activity;sid:84503928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640827/; classtype:trojan-activity;sid:84503927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640826/; classtype:trojan-activity;sid:84503926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17032020084717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640825/; classtype:trojan-activity;sid:84503925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640824/; classtype:trojan-activity;sid:84503924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640823/; classtype:trojan-activity;sid:84503923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640822/; classtype:trojan-activity;sid:84503922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640821/; classtype:trojan-activity;sid:84503921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30122019103413/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640820/; classtype:trojan-activity;sid:84503920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-12-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640818/; classtype:trojan-activity;sid:84503918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18032020084148/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640819/; classtype:trojan-activity;sid:84503919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640817/; classtype:trojan-activity;sid:84503917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020082126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640816/; classtype:trojan-activity;sid:84503916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640815/; classtype:trojan-activity;sid:84503915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640814)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_341/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640814/; classtype:trojan-activity;sid:84503914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-22/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640813/; classtype:trojan-activity;sid:84503913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640812/; classtype:trojan-activity;sid:84503912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640810/; classtype:trojan-activity;sid:84503910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640811)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_1/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640811/; classtype:trojan-activity;sid:84503911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020094539/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640809/; classtype:trojan-activity;sid:84503909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640808/; classtype:trojan-activity;sid:84503908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640807/; classtype:trojan-activity;sid:84503907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640806/; classtype:trojan-activity;sid:84503906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16032020084334/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640805/; classtype:trojan-activity;sid:84503905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102019082036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640804/; classtype:trojan-activity;sid:84503904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019085008/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640803/; classtype:trojan-activity;sid:84503903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640802/; classtype:trojan-activity;sid:84503902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640801)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_68/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640801/; classtype:trojan-activity;sid:84503901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640800/; classtype:trojan-activity;sid:84503900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640799)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_38/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640799/; classtype:trojan-activity;sid:84503899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640798/; classtype:trojan-activity;sid:84503898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640797/; classtype:trojan-activity;sid:84503897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-08/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640796/; classtype:trojan-activity;sid:84503896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020102806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640794/; classtype:trojan-activity;sid:84503894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640795/; classtype:trojan-activity;sid:84503895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640793/; classtype:trojan-activity;sid:84503893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07042020090207/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640792/; classtype:trojan-activity;sid:84503892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/06102020082321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640791/; classtype:trojan-activity;sid:84503891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640790/; classtype:trojan-activity;sid:84503890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640789/; classtype:trojan-activity;sid:84503889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/12032020085353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640788/; classtype:trojan-activity;sid:84503888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640787/; classtype:trojan-activity;sid:84503887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640786/; classtype:trojan-activity;sid:84503886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640785/; classtype:trojan-activity;sid:84503885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640783/; classtype:trojan-activity;sid:84503883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640784/; classtype:trojan-activity;sid:84503884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640782/; classtype:trojan-activity;sid:84503882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640781/; classtype:trojan-activity;sid:84503881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640780/; classtype:trojan-activity;sid:84503880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/02102020083443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640779/; classtype:trojan-activity;sid:84503879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083044/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640777/; classtype:trojan-activity;sid:84503877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640778/; classtype:trojan-activity;sid:84503878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640774/; classtype:trojan-activity;sid:84503874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640775/; classtype:trojan-activity;sid:84503875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640776)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_112/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640776/; classtype:trojan-activity;sid:84503876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13122019115656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640773/; classtype:trojan-activity;sid:84503873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640772/; classtype:trojan-activity;sid:84503872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15082019085855/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640771/; classtype:trojan-activity;sid:84503871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16102019112159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640770/; classtype:trojan-activity;sid:84503870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640769/; classtype:trojan-activity;sid:84503869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640768/; classtype:trojan-activity;sid:84503868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640767/; classtype:trojan-activity;sid:84503867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640766/; classtype:trojan-activity;sid:84503866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640765/; classtype:trojan-activity;sid:84503865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640764/; classtype:trojan-activity;sid:84503864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640763/; classtype:trojan-activity;sid:84503863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640761/; classtype:trojan-activity;sid:84503861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/13102020085631/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640762/; classtype:trojan-activity;sid:84503862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07012020084041/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640760/; classtype:trojan-activity;sid:84503860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020080646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640759/; classtype:trojan-activity;sid:84503859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640758/; classtype:trojan-activity;sid:84503858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-12-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640757/; classtype:trojan-activity;sid:84503857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640756/; classtype:trojan-activity;sid:84503856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24012020092005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640755/; classtype:trojan-activity;sid:84503855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640754)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_41/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640754/; classtype:trojan-activity;sid:84503854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640751/; classtype:trojan-activity;sid:84503851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640752/; classtype:trojan-activity;sid:84503852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29092019093353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640753/; classtype:trojan-activity;sid:84503853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640750/; classtype:trojan-activity;sid:84503850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11112020084104/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640749/; classtype:trojan-activity;sid:84503849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640748/; classtype:trojan-activity;sid:84503848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640747)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/catalog/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640747/; classtype:trojan-activity;sid:84503847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640746/; classtype:trojan-activity;sid:84503846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640745/; classtype:trojan-activity;sid:84503845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640743/; classtype:trojan-activity;sid:84503843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640744/; classtype:trojan-activity;sid:84503844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08052020090605/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640742/; classtype:trojan-activity;sid:84503842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640739)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_348/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640739/; classtype:trojan-activity;sid:84503839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640740/; classtype:trojan-activity;sid:84503840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640741/; classtype:trojan-activity;sid:84503841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17092019111156/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640738/; classtype:trojan-activity;sid:84503838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16092019113647/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640737/; classtype:trojan-activity;sid:84503837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21092020083905/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640736/; classtype:trojan-activity;sid:84503836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04032020084326/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640734/; classtype:trojan-activity;sid:84503834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640735/; classtype:trojan-activity;sid:84503835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640732/; classtype:trojan-activity;sid:84503832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-06-01/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640733/; classtype:trojan-activity;sid:84503833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/18112020084730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640730/; classtype:trojan-activity;sid:84503830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-14/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640729/; classtype:trojan-activity;sid:84503829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640728/; classtype:trojan-activity;sid:84503828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640727/; classtype:trojan-activity;sid:84503827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640726/; classtype:trojan-activity;sid:84503826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640725/; classtype:trojan-activity;sid:84503825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12012020104033/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640724/; classtype:trojan-activity;sid:84503824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640723/; classtype:trojan-activity;sid:84503823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640722/; classtype:trojan-activity;sid:84503822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640720/; classtype:trojan-activity;sid:84503820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-11-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640721/; classtype:trojan-activity;sid:84503821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640719/; classtype:trojan-activity;sid:84503819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020134937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640718/; classtype:trojan-activity;sid:84503818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31102019073038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640717/; classtype:trojan-activity;sid:84503817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-09-30/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640716/; classtype:trojan-activity;sid:84503816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640715/; classtype:trojan-activity;sid:84503815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640714/; classtype:trojan-activity;sid:84503814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640713/; classtype:trojan-activity;sid:84503813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640712)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_31/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640712/; classtype:trojan-activity;sid:84503812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640710/; classtype:trojan-activity;sid:84503810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21082019110853/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640711/; classtype:trojan-activity;sid:84503811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640689/; classtype:trojan-activity;sid:84503789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640690/; classtype:trojan-activity;sid:84503790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640691/; classtype:trojan-activity;sid:84503791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24102019085345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640692/; classtype:trojan-activity;sid:84503792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04022020094504/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640693/; classtype:trojan-activity;sid:84503793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640694/; classtype:trojan-activity;sid:84503794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640695/; classtype:trojan-activity;sid:84503795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640696/; classtype:trojan-activity;sid:84503796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16012020081311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640697/; classtype:trojan-activity;sid:84503797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640698/; classtype:trojan-activity;sid:84503798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640699/; classtype:trojan-activity;sid:84503799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640700/; classtype:trojan-activity;sid:84503800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640701/; classtype:trojan-activity;sid:84503801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640702/; classtype:trojan-activity;sid:84503802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21052020085354/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640703/; classtype:trojan-activity;sid:84503803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20122019085325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640704/; classtype:trojan-activity;sid:84503804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-09/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640705/; classtype:trojan-activity;sid:84503805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04122019075856/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640706/; classtype:trojan-activity;sid:84503806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640707/; classtype:trojan-activity;sid:84503807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640708/; classtype:trojan-activity;sid:84503808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102019090225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640709/; classtype:trojan-activity;sid:84503809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640688/; classtype:trojan-activity;sid:84503788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640687/; classtype:trojan-activity;sid:84503787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640686/; classtype:trojan-activity;sid:84503786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640685/; classtype:trojan-activity;sid:84503785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640684/; classtype:trojan-activity;sid:84503784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640683/; classtype:trojan-activity;sid:84503783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640682/; classtype:trojan-activity;sid:84503782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-07/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640681/; classtype:trojan-activity;sid:84503781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640680/; classtype:trojan-activity;sid:84503780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640677)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_100/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640677/; classtype:trojan-activity;sid:84503777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17012020083211/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640678/; classtype:trojan-activity;sid:84503778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640679/; classtype:trojan-activity;sid:84503779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09122019084625/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640676/; classtype:trojan-activity;sid:84503776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640675/; classtype:trojan-activity;sid:84503775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640674/; classtype:trojan-activity;sid:84503774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640673)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/appdata/settings/usr/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640673/; classtype:trojan-activity;sid:84503773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640672/; classtype:trojan-activity;sid:84503772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640671/; classtype:trojan-activity;sid:84503771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640670/; classtype:trojan-activity;sid:84503770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640668/; classtype:trojan-activity;sid:84503768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640669/; classtype:trojan-activity;sid:84503769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640667/; classtype:trojan-activity;sid:84503767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640666/; classtype:trojan-activity;sid:84503766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640665/; classtype:trojan-activity;sid:84503765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640664/; classtype:trojan-activity;sid:84503764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31122019083252/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640663/; classtype:trojan-activity;sid:84503763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22012020141348/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640662/; classtype:trojan-activity;sid:84503762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-23/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640661/; classtype:trojan-activity;sid:84503761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640660/; classtype:trojan-activity;sid:84503760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640659/; classtype:trojan-activity;sid:84503759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18032020075106/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640658/; classtype:trojan-activity;sid:84503758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640657)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/download/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640657/; classtype:trojan-activity;sid:84503757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-31/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640656/; classtype:trojan-activity;sid:84503756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640655)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_139/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640655/; classtype:trojan-activity;sid:84503755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640654/; classtype:trojan-activity;sid:84503754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640651/; classtype:trojan-activity;sid:84503751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03122019084638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640652/; classtype:trojan-activity;sid:84503752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640653/; classtype:trojan-activity;sid:84503753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640650/; classtype:trojan-activity;sid:84503750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640649/; classtype:trojan-activity;sid:84503749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640648/; classtype:trojan-activity;sid:84503748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640647/; classtype:trojan-activity;sid:84503747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640645/; classtype:trojan-activity;sid:84503745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640646/; classtype:trojan-activity;sid:84503746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640644/; classtype:trojan-activity;sid:84503744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640642)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/resources/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640642/; classtype:trojan-activity;sid:84503742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640643/; classtype:trojan-activity;sid:84503743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-11-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640641/; classtype:trojan-activity;sid:84503741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21012020110856/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640638/; classtype:trojan-activity;sid:84503738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640639/; classtype:trojan-activity;sid:84503739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640640/; classtype:trojan-activity;sid:84503740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640637/; classtype:trojan-activity;sid:84503737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640636/; classtype:trojan-activity;sid:84503736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640635/; classtype:trojan-activity;sid:84503735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-19/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640634/; classtype:trojan-activity;sid:84503734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019112055/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640633/; classtype:trojan-activity;sid:84503733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640631/; classtype:trojan-activity;sid:84503731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640630/; classtype:trojan-activity;sid:84503730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640629/; classtype:trojan-activity;sid:84503729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10022020071733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640627/; classtype:trojan-activity;sid:84503727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640628/; classtype:trojan-activity;sid:84503728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640625/; classtype:trojan-activity;sid:84503725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-23/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640626/; classtype:trojan-activity;sid:84503726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020103259/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640624/; classtype:trojan-activity;sid:84503724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30122019111133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640623/; classtype:trojan-activity;sid:84503723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29112019085537/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640622/; classtype:trojan-activity;sid:84503722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640621/; classtype:trojan-activity;sid:84503721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640620/; classtype:trojan-activity;sid:84503720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102019142359/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640619/; classtype:trojan-activity;sid:84503719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31012020084850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640618/; classtype:trojan-activity;sid:84503718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-10-07/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640616/; classtype:trojan-activity;sid:84503716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640617/; classtype:trojan-activity;sid:84503717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640615/; classtype:trojan-activity;sid:84503715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640614)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_384/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640614/; classtype:trojan-activity;sid:84503714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640613/; classtype:trojan-activity;sid:84503713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-03-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640612/; classtype:trojan-activity;sid:84503712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020100618/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640611/; classtype:trojan-activity;sid:84503711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640609/; classtype:trojan-activity;sid:84503709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640610/; classtype:trojan-activity;sid:84503710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19102020081728/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640606/; classtype:trojan-activity;sid:84503706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019074030/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640607/; classtype:trojan-activity;sid:84503707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640604/; classtype:trojan-activity;sid:84503704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640603/; classtype:trojan-activity;sid:84503703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640602/; classtype:trojan-activity;sid:84503702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-09-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640601/; classtype:trojan-activity;sid:84503701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08112019073519/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640600/; classtype:trojan-activity;sid:84503700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29112019084741/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640599/; classtype:trojan-activity;sid:84503699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19022020083644/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640597/; classtype:trojan-activity;sid:84503697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640598/; classtype:trojan-activity;sid:84503698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-09-21/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640595/; classtype:trojan-activity;sid:84503695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19122019080549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640596/; classtype:trojan-activity;sid:84503696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640594/; classtype:trojan-activity;sid:84503694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640593/; classtype:trojan-activity;sid:84503693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/21102020082752/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640592/; classtype:trojan-activity;sid:84503692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640591/; classtype:trojan-activity;sid:84503691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640589/; classtype:trojan-activity;sid:84503689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640590/; classtype:trojan-activity;sid:84503690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18112019113321/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640588/; classtype:trojan-activity;sid:84503688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-01-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640587/; classtype:trojan-activity;sid:84503687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30102019081202/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640585/; classtype:trojan-activity;sid:84503685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112019085835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640586/; classtype:trojan-activity;sid:84503686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640584/; classtype:trojan-activity;sid:84503684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640583/; classtype:trojan-activity;sid:84503683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640582/; classtype:trojan-activity;sid:84503682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14102019094817/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640579/; classtype:trojan-activity;sid:84503679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-10-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640580/; classtype:trojan-activity;sid:84503680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640581/; classtype:trojan-activity;sid:84503681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27012020083914/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640578/; classtype:trojan-activity;sid:84503678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640577/; classtype:trojan-activity;sid:84503677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640576/; classtype:trojan-activity;sid:84503676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640575/; classtype:trojan-activity;sid:84503675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020074905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640573/; classtype:trojan-activity;sid:84503673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-08-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640574/; classtype:trojan-activity;sid:84503674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020081928/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640571/; classtype:trojan-activity;sid:84503671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/rj/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640572/; classtype:trojan-activity;sid:84503672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640570)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_366/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640570/; classtype:trojan-activity;sid:84503670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640568/; classtype:trojan-activity;sid:84503668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640569/; classtype:trojan-activity;sid:84503669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640567/; classtype:trojan-activity;sid:84503667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020073719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640566/; classtype:trojan-activity;sid:84503666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-08-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640565/; classtype:trojan-activity;sid:84503665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640564/; classtype:trojan-activity;sid:84503664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640563/; classtype:trojan-activity;sid:84503663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020083600/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640562/; classtype:trojan-activity;sid:84503662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11032020083845/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640561/; classtype:trojan-activity;sid:84503661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640560/; classtype:trojan-activity;sid:84503660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640558/; classtype:trojan-activity;sid:84503658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640559/; classtype:trojan-activity;sid:84503659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/04112020082542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640557/; classtype:trojan-activity;sid:84503657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11082020091100/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640556/; classtype:trojan-activity;sid:84503656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640555)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_13/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640555/; classtype:trojan-activity;sid:84503655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640554)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/microsoft%20office%202010%20professional%20plus%20x86/infopath.pt-br/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640554/; classtype:trojan-activity;sid:84503654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640553/; classtype:trojan-activity;sid:84503653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28022020133711/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640552/; classtype:trojan-activity;sid:84503652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640549/; classtype:trojan-activity;sid:84503649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-02/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640550/; classtype:trojan-activity;sid:84503650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20012020084812/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640548/; classtype:trojan-activity;sid:84503648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-10-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640547/; classtype:trojan-activity;sid:84503647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640543)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30012020083334/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640543/; classtype:trojan-activity;sid:84503643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26032020073728/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640544/; classtype:trojan-activity;sid:84503644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640545/; classtype:trojan-activity;sid:84503645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640546/; classtype:trojan-activity;sid:84503646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-12-26/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640539/; classtype:trojan-activity;sid:84503639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07012020084802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640540/; classtype:trojan-activity;sid:84503640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14112019082811/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640541/; classtype:trojan-activity;sid:84503641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-04-06/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640542/; classtype:trojan-activity;sid:84503642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2019-09-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640538/; classtype:trojan-activity;sid:84503638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640537/; classtype:trojan-activity;sid:84503637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06122019085350/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640536/; classtype:trojan-activity;sid:84503636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06112019111957/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640535/; classtype:trojan-activity;sid:84503635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640534/; classtype:trojan-activity;sid:84503634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640533/; classtype:trojan-activity;sid:84503633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03122019085229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640532/; classtype:trojan-activity;sid:84503632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27012020084316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640531/; classtype:trojan-activity;sid:84503631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/19102020080708/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640530/; classtype:trojan-activity;sid:84503630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020103250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640529/; classtype:trojan-activity;sid:84503629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-11-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640528/; classtype:trojan-activity;sid:84503628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-04/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640527/; classtype:trojan-activity;sid:84503627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020074145/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640526/; classtype:trojan-activity;sid:84503626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640523/; classtype:trojan-activity;sid:84503623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640524/; classtype:trojan-activity;sid:84503624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-03-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640525/; classtype:trojan-activity;sid:84503625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020092624/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640522/; classtype:trojan-activity;sid:84503622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-11-03/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640521/; classtype:trojan-activity;sid:84503621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/09112020083759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640520/; classtype:trojan-activity;sid:84503620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-07-16/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640519/; classtype:trojan-activity;sid:84503619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640518/; classtype:trojan-activity;sid:84503618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-09-24/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640517/; classtype:trojan-activity;sid:84503617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640514/; classtype:trojan-activity;sid:84503614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640513/; classtype:trojan-activity;sid:84503613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020102318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640512/; classtype:trojan-activity;sid:84503612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640511/; classtype:trojan-activity;sid:84503611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020081209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640510/; classtype:trojan-activity;sid:84503610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020082038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640509/; classtype:trojan-activity;sid:84503609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/recep%c3%a7%c3%a3o/2020-03-30/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640508/; classtype:trojan-activity;sid:84503608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640507/; classtype:trojan-activity;sid:84503607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640506/; classtype:trojan-activity;sid:84503606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06082019124552/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640505/; classtype:trojan-activity;sid:84503605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10062020065859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640503/; classtype:trojan-activity;sid:84503603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640502/; classtype:trojan-activity;sid:84503602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30012020112213/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640501/; classtype:trojan-activity;sid:84503601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29102019085350/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640500/; classtype:trojan-activity;sid:84503600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640499/; classtype:trojan-activity;sid:84503599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-06-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640498/; classtype:trojan-activity;sid:84503598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06012020085209/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640497/; classtype:trojan-activity;sid:84503597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640496/; classtype:trojan-activity;sid:84503596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-03-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640495/; classtype:trojan-activity;sid:84503595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08102020083853/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640494/; classtype:trojan-activity;sid:84503594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/mg/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640493/; classtype:trojan-activity;sid:84503593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640492/; classtype:trojan-activity;sid:84503592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640491/; classtype:trojan-activity;sid:84503591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01112019135307/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640490/; classtype:trojan-activity;sid:84503590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06092019084346/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640489/; classtype:trojan-activity;sid:84503589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640488)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/usr/usr_320/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640488/; classtype:trojan-activity;sid:84503588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-09-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640486/; classtype:trojan-activity;sid:84503586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10092020082957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640487/; classtype:trojan-activity;sid:84503587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640485/; classtype:trojan-activity;sid:84503585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640484/; classtype:trojan-activity;sid:84503584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640483)"; flow:established,from_client; content:"GET"; http_method; content:"/gipex_201806161031/themes/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640483/; classtype:trojan-activity;sid:84503583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640482/; classtype:trojan-activity;sid:84503582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640481/; classtype:trojan-activity;sid:84503581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640480/; classtype:trojan-activity;sid:84503580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640479/; classtype:trojan-activity;sid:84503579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640478/; classtype:trojan-activity;sid:84503578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102019084644/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640477/; classtype:trojan-activity;sid:84503577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08102019112741/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640476/; classtype:trojan-activity;sid:84503576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640474/; classtype:trojan-activity;sid:84503574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640475/; classtype:trojan-activity;sid:84503575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640472/; classtype:trojan-activity;sid:84503572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19112020085201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640473/; classtype:trojan-activity;sid:84503573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01112019111107/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640471/; classtype:trojan-activity;sid:84503571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640470/; classtype:trojan-activity;sid:84503570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-02-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640466/; classtype:trojan-activity;sid:84503566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22022020090140/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640467/; classtype:trojan-activity;sid:84503567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22022020073838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640468/; classtype:trojan-activity;sid:84503568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640469/; classtype:trojan-activity;sid:84503569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640464/; classtype:trojan-activity;sid:84503564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640465/; classtype:trojan-activity;sid:84503565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22102019090506/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640460/; classtype:trojan-activity;sid:84503560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640461/; classtype:trojan-activity;sid:84503561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020071435/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640462/; classtype:trojan-activity;sid:84503562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640463/; classtype:trojan-activity;sid:84503563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08102019090524/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640457/; classtype:trojan-activity;sid:84503557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640458/; classtype:trojan-activity;sid:84503558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640459/; classtype:trojan-activity;sid:84503559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02102020083438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640456/; classtype:trojan-activity;sid:84503556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16092020083653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640454/; classtype:trojan-activity;sid:84503554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640455/; classtype:trojan-activity;sid:84503555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08092020084719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640453/; classtype:trojan-activity;sid:84503553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27072020085706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640452/; classtype:trojan-activity;sid:84503552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14072020091038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640451/; classtype:trojan-activity;sid:84503551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640450/; classtype:trojan-activity;sid:84503550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08122019111842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640449/; classtype:trojan-activity;sid:84503549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020091656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640447/; classtype:trojan-activity;sid:84503547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020075758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640448/; classtype:trojan-activity;sid:84503548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640446/; classtype:trojan-activity;sid:84503546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640443/; classtype:trojan-activity;sid:84503543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640444/; classtype:trojan-activity;sid:84503544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11032020120109/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640445/; classtype:trojan-activity;sid:84503545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25092020085038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640442/; classtype:trojan-activity;sid:84503542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15072020092311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640441/; classtype:trojan-activity;sid:84503541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020103108/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640437/; classtype:trojan-activity;sid:84503537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13102019111251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640438/; classtype:trojan-activity;sid:84503538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16032020100530/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640439/; classtype:trojan-activity;sid:84503539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21022020070041/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640440/; classtype:trojan-activity;sid:84503540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/03-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640436/; classtype:trojan-activity;sid:84503536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640435/; classtype:trojan-activity;sid:84503535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020124342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640429/; classtype:trojan-activity;sid:84503529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020103733/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640430/; classtype:trojan-activity;sid:84503530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05032020111347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640431/; classtype:trojan-activity;sid:84503531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-11-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640432/; classtype:trojan-activity;sid:84503532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640433/; classtype:trojan-activity;sid:84503533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640434/; classtype:trojan-activity;sid:84503534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02072020084743/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640428/; classtype:trojan-activity;sid:84503528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640427/; classtype:trojan-activity;sid:84503527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640426/; classtype:trojan-activity;sid:84503526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640425/; classtype:trojan-activity;sid:84503525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640423/; classtype:trojan-activity;sid:84503523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640424/; classtype:trojan-activity;sid:84503524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640420/; classtype:trojan-activity;sid:84503520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640421/; classtype:trojan-activity;sid:84503521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020125811/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640422/; classtype:trojan-activity;sid:84503522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/12082020092146/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640418/; classtype:trojan-activity;sid:84503518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18092020083038/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640419/; classtype:trojan-activity;sid:84503519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16092020083634/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640417/; classtype:trojan-activity;sid:84503517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640415/; classtype:trojan-activity;sid:84503515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640416/; classtype:trojan-activity;sid:84503516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020130444/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640414/; classtype:trojan-activity;sid:84503514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23022020101449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640413/; classtype:trojan-activity;sid:84503513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18022020084251/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640412/; classtype:trojan-activity;sid:84503512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640410/; classtype:trojan-activity;sid:84503510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13082020083027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640411/; classtype:trojan-activity;sid:84503511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640409/; classtype:trojan-activity;sid:84503509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640405/; classtype:trojan-activity;sid:84503505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640406/; classtype:trojan-activity;sid:84503506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020091411/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640407/; classtype:trojan-activity;sid:84503507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26062020084710/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640408/; classtype:trojan-activity;sid:84503508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640403/; classtype:trojan-activity;sid:84503503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640404/; classtype:trojan-activity;sid:84503504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06082019093725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640402/; classtype:trojan-activity;sid:84503502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08102020100004/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640399/; classtype:trojan-activity;sid:84503499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29112019110822/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640400/; classtype:trojan-activity;sid:84503500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640401/; classtype:trojan-activity;sid:84503501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15072020085743/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640398/; classtype:trojan-activity;sid:84503498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640397/; classtype:trojan-activity;sid:84503497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640394/; classtype:trojan-activity;sid:84503494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019100303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640395/; classtype:trojan-activity;sid:84503495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03012020110844/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640396/; classtype:trojan-activity;sid:84503496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640392/; classtype:trojan-activity;sid:84503492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640393/; classtype:trojan-activity;sid:84503493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20082019110313/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640391/; classtype:trojan-activity;sid:84503491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640389/; classtype:trojan-activity;sid:84503489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27082020084130/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640390/; classtype:trojan-activity;sid:84503490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640388/; classtype:trojan-activity;sid:84503488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640380/; classtype:trojan-activity;sid:84503480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640381/; classtype:trojan-activity;sid:84503481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640382/; classtype:trojan-activity;sid:84503482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019114118/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640383/; classtype:trojan-activity;sid:84503483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019103658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640384/; classtype:trojan-activity;sid:84503484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640385/; classtype:trojan-activity;sid:84503485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640386/; classtype:trojan-activity;sid:84503486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640387/; classtype:trojan-activity;sid:84503487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24112020081606/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640379/; classtype:trojan-activity;sid:84503479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640378/; classtype:trojan-activity;sid:84503478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16102020084300/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640377/; classtype:trojan-activity;sid:84503477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019110151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640375/; classtype:trojan-activity;sid:84503475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640376/; classtype:trojan-activity;sid:84503476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26062020092258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640372/; classtype:trojan-activity;sid:84503472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640373/; classtype:trojan-activity;sid:84503473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640374/; classtype:trojan-activity;sid:84503474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/26082020084159/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640371/; classtype:trojan-activity;sid:84503471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13102020085628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640370/; classtype:trojan-activity;sid:84503470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640369/; classtype:trojan-activity;sid:84503469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640367/; classtype:trojan-activity;sid:84503467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640368/; classtype:trojan-activity;sid:84503468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640366/; classtype:trojan-activity;sid:84503466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08032020111641/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640364/; classtype:trojan-activity;sid:84503464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640365/; classtype:trojan-activity;sid:84503465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640363/; classtype:trojan-activity;sid:84503463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640361/; classtype:trojan-activity;sid:84503461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640360/; classtype:trojan-activity;sid:84503460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04092020084333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640359/; classtype:trojan-activity;sid:84503459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640358/; classtype:trojan-activity;sid:84503458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09092019111855/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640357/; classtype:trojan-activity;sid:84503457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18092019111304/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640356/; classtype:trojan-activity;sid:84503456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640355/; classtype:trojan-activity;sid:84503455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020070225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640353/; classtype:trojan-activity;sid:84503453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640354/; classtype:trojan-activity;sid:84503454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31122019074448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640351/; classtype:trojan-activity;sid:84503451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02102019084911/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640352/; classtype:trojan-activity;sid:84503452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020120325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640348/; classtype:trojan-activity;sid:84503448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20082020082044/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640349/; classtype:trojan-activity;sid:84503449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640350/; classtype:trojan-activity;sid:84503450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640347/; classtype:trojan-activity;sid:84503447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640343/; classtype:trojan-activity;sid:84503443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020103458/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640344/; classtype:trojan-activity;sid:84503444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14012020072211/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640345/; classtype:trojan-activity;sid:84503445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640346/; classtype:trojan-activity;sid:84503446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640342/; classtype:trojan-activity;sid:84503442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2020-07-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640340/; classtype:trojan-activity;sid:84503440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020142635/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640341/; classtype:trojan-activity;sid:84503441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0011/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640339/; classtype:trojan-activity;sid:84503439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640338/; classtype:trojan-activity;sid:84503438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640335/; classtype:trojan-activity;sid:84503435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640336/; classtype:trojan-activity;sid:84503436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640337/; classtype:trojan-activity;sid:84503437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04122019111019/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640334/; classtype:trojan-activity;sid:84503434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640333/; classtype:trojan-activity;sid:84503433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020102745/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640327/; classtype:trojan-activity;sid:84503427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640328/; classtype:trojan-activity;sid:84503428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020091151/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640329/; classtype:trojan-activity;sid:84503429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020111432/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640330/; classtype:trojan-activity;sid:84503430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640331/; classtype:trojan-activity;sid:84503431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020132655/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640332/; classtype:trojan-activity;sid:84503432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07012020091755/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640326/; classtype:trojan-activity;sid:84503426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/07022020083958/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640325/; classtype:trojan-activity;sid:84503425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640322/; classtype:trojan-activity;sid:84503422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17092020084342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640323/; classtype:trojan-activity;sid:84503423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22012020111310/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640324/; classtype:trojan-activity;sid:84503424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24112020081150/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640320/; classtype:trojan-activity;sid:84503420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020102724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640321/; classtype:trojan-activity;sid:84503421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-04-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640316/; classtype:trojan-activity;sid:84503416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640317/; classtype:trojan-activity;sid:84503417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22082019111715/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640318/; classtype:trojan-activity;sid:84503418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640319/; classtype:trojan-activity;sid:84503419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640315)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17112019111453/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640315/; classtype:trojan-activity;sid:84503415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640309/; classtype:trojan-activity;sid:84503409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640310/; classtype:trojan-activity;sid:84503410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12022020111505/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640311/; classtype:trojan-activity;sid:84503411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29062020085243/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640312/; classtype:trojan-activity;sid:84503412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12112019112424/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640313/; classtype:trojan-activity;sid:84503413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640314/; classtype:trojan-activity;sid:84503414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020080920/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640305/; classtype:trojan-activity;sid:84503405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06102019101754/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640306/; classtype:trojan-activity;sid:84503406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640307/; classtype:trojan-activity;sid:84503407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640308/; classtype:trojan-activity;sid:84503408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640303/; classtype:trojan-activity;sid:84503403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28102020084220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640304/; classtype:trojan-activity;sid:84503404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23102019104915/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640301/; classtype:trojan-activity;sid:84503401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27102020083249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640302/; classtype:trojan-activity;sid:84503402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26122019090653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640299/; classtype:trojan-activity;sid:84503399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06092019073333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640300/; classtype:trojan-activity;sid:84503400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640298/; classtype:trojan-activity;sid:84503398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640293/; classtype:trojan-activity;sid:84503393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23082019103826/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640294/; classtype:trojan-activity;sid:84503394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06112020090234/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640295/; classtype:trojan-activity;sid:84503395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640296/; classtype:trojan-activity;sid:84503396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640297/; classtype:trojan-activity;sid:84503397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640291/; classtype:trojan-activity;sid:84503391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-10-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640292/; classtype:trojan-activity;sid:84503392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640289/; classtype:trojan-activity;sid:84503389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11032020111138/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640290/; classtype:trojan-activity;sid:84503390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25012020103550/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640288/; classtype:trojan-activity;sid:84503388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20012020073720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640286/; classtype:trojan-activity;sid:84503386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640287/; classtype:trojan-activity;sid:84503387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640285/; classtype:trojan-activity;sid:84503385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640282/; classtype:trojan-activity;sid:84503382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640283/; classtype:trojan-activity;sid:84503383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05102019081014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640284/; classtype:trojan-activity;sid:84503384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083434/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640279/; classtype:trojan-activity;sid:84503379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640280/; classtype:trojan-activity;sid:84503380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05082020084122/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640281/; classtype:trojan-activity;sid:84503381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01072020083316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640278/; classtype:trojan-activity;sid:84503378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640275/; classtype:trojan-activity;sid:84503375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16062020082017/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640276/; classtype:trojan-activity;sid:84503376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640277/; classtype:trojan-activity;sid:84503377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640271/; classtype:trojan-activity;sid:84503371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640272/; classtype:trojan-activity;sid:84503372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640273/; classtype:trojan-activity;sid:84503373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020144542/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640268/; classtype:trojan-activity;sid:84503368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31012020141401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640269/; classtype:trojan-activity;sid:84503369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09022020103704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640270/; classtype:trojan-activity;sid:84503370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020084110/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640267/; classtype:trojan-activity;sid:84503367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640264/; classtype:trojan-activity;sid:84503364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640265/; classtype:trojan-activity;sid:84503365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02032020110905/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640266/; classtype:trojan-activity;sid:84503366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640263/; classtype:trojan-activity;sid:84503363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640262/; classtype:trojan-activity;sid:84503362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640260/; classtype:trojan-activity;sid:84503360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17092020090851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640261/; classtype:trojan-activity;sid:84503361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640259/; classtype:trojan-activity;sid:84503359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640256/; classtype:trojan-activity;sid:84503356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18082020081833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640257/; classtype:trojan-activity;sid:84503357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640258/; classtype:trojan-activity;sid:84503358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26102020075119/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640253/; classtype:trojan-activity;sid:84503353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05112019110750/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640254/; classtype:trojan-activity;sid:84503354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020073308/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640255/; classtype:trojan-activity;sid:84503355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640252/; classtype:trojan-activity;sid:84503352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640251/; classtype:trojan-activity;sid:84503351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020093353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640250/; classtype:trojan-activity;sid:84503350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640246/; classtype:trojan-activity;sid:84503346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640247/; classtype:trojan-activity;sid:84503347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020082229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640248/; classtype:trojan-activity;sid:84503348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640249/; classtype:trojan-activity;sid:84503349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05082019111601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640244/; classtype:trojan-activity;sid:84503344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019095658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640245/; classtype:trojan-activity;sid:84503345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640238/; classtype:trojan-activity;sid:84503338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640239/; classtype:trojan-activity;sid:84503339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020082820/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640240/; classtype:trojan-activity;sid:84503340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640241/; classtype:trojan-activity;sid:84503341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640242/; classtype:trojan-activity;sid:84503342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640243/; classtype:trojan-activity;sid:84503343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640237/; classtype:trojan-activity;sid:84503337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07082020085003/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640236/; classtype:trojan-activity;sid:84503336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15102019111749/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640235/; classtype:trojan-activity;sid:84503335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640230/; classtype:trojan-activity;sid:84503330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640231/; classtype:trojan-activity;sid:84503331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640232/; classtype:trojan-activity;sid:84503332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20122019111426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640233/; classtype:trojan-activity;sid:84503333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20092019112129/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640234/; classtype:trojan-activity;sid:84503334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29092020084347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640229/; classtype:trojan-activity;sid:84503329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640225/; classtype:trojan-activity;sid:84503325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640226)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22122019102757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640226/; classtype:trojan-activity;sid:84503326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640227/; classtype:trojan-activity;sid:84503327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06122019110806/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640228/; classtype:trojan-activity;sid:84503328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640224/; classtype:trojan-activity;sid:84503324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25082020144831/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640218/; classtype:trojan-activity;sid:84503318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09072020085136/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640219/; classtype:trojan-activity;sid:84503319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29072020093546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640220/; classtype:trojan-activity;sid:84503320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640221/; classtype:trojan-activity;sid:84503321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/31102019111212/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640222/; classtype:trojan-activity;sid:84503322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28042020092036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640223/; classtype:trojan-activity;sid:84503323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640212/; classtype:trojan-activity;sid:84503312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640213/; classtype:trojan-activity;sid:84503313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21082020084614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640214/; classtype:trojan-activity;sid:84503314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640215/; classtype:trojan-activity;sid:84503315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25082019113128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640216/; classtype:trojan-activity;sid:84503316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15122019105601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640217/; classtype:trojan-activity;sid:84503317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01102020083314/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640210/; classtype:trojan-activity;sid:84503310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21082020084351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640211/; classtype:trojan-activity;sid:84503311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640209/; classtype:trojan-activity;sid:84503309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640208/; classtype:trojan-activity;sid:84503308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020111257/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640206/; classtype:trojan-activity;sid:84503306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640207/; classtype:trojan-activity;sid:84503307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02102019111838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640204/; classtype:trojan-activity;sid:84503304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28092020081646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640205/; classtype:trojan-activity;sid:84503305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13012020110907/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640202/; classtype:trojan-activity;sid:84503302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020083343/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640203/; classtype:trojan-activity;sid:84503303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04062020095615/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640201/; classtype:trojan-activity;sid:84503301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640200/; classtype:trojan-activity;sid:84503300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-03-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640197/; classtype:trojan-activity;sid:84503297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640198/; classtype:trojan-activity;sid:84503298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640199/; classtype:trojan-activity;sid:84503299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17082020135014/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640193/; classtype:trojan-activity;sid:84503293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07112019082001/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640194/; classtype:trojan-activity;sid:84503294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/19082019110724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640195/; classtype:trojan-activity;sid:84503295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070238/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640196/; classtype:trojan-activity;sid:84503296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020073817/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640192/; classtype:trojan-activity;sid:84503292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640191/; classtype:trojan-activity;sid:84503291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640190/; classtype:trojan-activity;sid:84503290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640189/; classtype:trojan-activity;sid:84503289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30072020083454/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640186/; classtype:trojan-activity;sid:84503286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640187/; classtype:trojan-activity;sid:84503287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020122636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640188/; classtype:trojan-activity;sid:84503288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11122019111648/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640184/; classtype:trojan-activity;sid:84503284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640185/; classtype:trojan-activity;sid:84503285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/17112020082856/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640181/; classtype:trojan-activity;sid:84503281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640182/; classtype:trojan-activity;sid:84503282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03092020083607/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640183/; classtype:trojan-activity;sid:84503283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640180/; classtype:trojan-activity;sid:84503280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31072020090603/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640179/; classtype:trojan-activity;sid:84503279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17112020082850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640175/; classtype:trojan-activity;sid:84503275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07012020110938/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640176/; classtype:trojan-activity;sid:84503276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06022020111317/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640177/; classtype:trojan-activity;sid:84503277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05122019102622/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640178/; classtype:trojan-activity;sid:84503278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11092019101353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640170/; classtype:trojan-activity;sid:84503270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020134415/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640171/; classtype:trojan-activity;sid:84503271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24112019092705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640172/; classtype:trojan-activity;sid:84503272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020100109/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640173/; classtype:trojan-activity;sid:84503273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020085654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640174/; classtype:trojan-activity;sid:84503274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12092019105311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640168/; classtype:trojan-activity;sid:84503268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19022020101950/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640169/; classtype:trojan-activity;sid:84503269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640167/; classtype:trojan-activity;sid:84503267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640166/; classtype:trojan-activity;sid:84503266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24092019114025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640165/; classtype:trojan-activity;sid:84503265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16112019074835/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640164/; classtype:trojan-activity;sid:84503264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640163/; classtype:trojan-activity;sid:84503263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02072020090433/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640162/; classtype:trojan-activity;sid:84503262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27082020090623/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640161/; classtype:trojan-activity;sid:84503261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640160/; classtype:trojan-activity;sid:84503260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640159/; classtype:trojan-activity;sid:84503259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640157/; classtype:trojan-activity;sid:84503257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640158/; classtype:trojan-activity;sid:84503258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13022020135302/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640154/; classtype:trojan-activity;sid:84503254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15112019075337/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640155/; classtype:trojan-activity;sid:84503255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112019083249/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640156/; classtype:trojan-activity;sid:84503256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20082020102611/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640152/; classtype:trojan-activity;sid:84503252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020111935/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640153/; classtype:trojan-activity;sid:84503253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13032020083802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640150/; classtype:trojan-activity;sid:84503250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/25102019112149/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640151/; classtype:trojan-activity;sid:84503251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04032020111247/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640149/; classtype:trojan-activity;sid:84503249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640146/; classtype:trojan-activity;sid:84503246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020101521/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640147/; classtype:trojan-activity;sid:84503247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640148/; classtype:trojan-activity;sid:84503248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640142/; classtype:trojan-activity;sid:84503242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16122019075948/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640143/; classtype:trojan-activity;sid:84503243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10112020091947/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640144/; classtype:trojan-activity;sid:84503244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/27102020083245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640145/; classtype:trojan-activity;sid:84503245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06102019101439/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640140/; classtype:trojan-activity;sid:84503240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05022020111116/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640141/; classtype:trojan-activity;sid:84503241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020104021/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640139/; classtype:trojan-activity;sid:84503239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31102019092133/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640138/; classtype:trojan-activity;sid:84503238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640134/; classtype:trojan-activity;sid:84503234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640135/; classtype:trojan-activity;sid:84503235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640136/; classtype:trojan-activity;sid:84503236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/02062020092842/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640137/; classtype:trojan-activity;sid:84503237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24122019105333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640131/; classtype:trojan-activity;sid:84503231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18112020084723/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640132/; classtype:trojan-activity;sid:84503232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640133/; classtype:trojan-activity;sid:84503233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640130/; classtype:trojan-activity;sid:84503230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640128/; classtype:trojan-activity;sid:84503228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640129/; classtype:trojan-activity;sid:84503229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/15102019084028/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640127/; classtype:trojan-activity;sid:84503227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640126/; classtype:trojan-activity;sid:84503226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640125/; classtype:trojan-activity;sid:84503225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08112019111614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640122/; classtype:trojan-activity;sid:84503222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133526/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640123/; classtype:trojan-activity;sid:84503223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05082020084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640124/; classtype:trojan-activity;sid:84503224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640121/; classtype:trojan-activity;sid:84503221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640119/; classtype:trojan-activity;sid:84503219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640120/; classtype:trojan-activity;sid:84503220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640118/; classtype:trojan-activity;sid:84503218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020102734/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640117/; classtype:trojan-activity;sid:84503217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16112020083847/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640116/; classtype:trojan-activity;sid:84503216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18122019104132/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640115/; classtype:trojan-activity;sid:84503215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13112019072053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640114/; classtype:trojan-activity;sid:84503214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23092020084739/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640112/; classtype:trojan-activity;sid:84503212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26022020083229/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640113/; classtype:trojan-activity;sid:84503213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27072020085711/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640111/; classtype:trojan-activity;sid:84503211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640110/; classtype:trojan-activity;sid:84503210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-08/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640109/; classtype:trojan-activity;sid:84503209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13072020090141/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640107/; classtype:trojan-activity;sid:84503207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020110254/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640108/; classtype:trojan-activity;sid:84503208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27022020081136/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640105/; classtype:trojan-activity;sid:84503205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26102020083316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640103/; classtype:trojan-activity;sid:84503203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/31082020082957/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640104/; classtype:trojan-activity;sid:84503204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10012020110859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640101/; classtype:trojan-activity;sid:84503201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01012020081740/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640102/; classtype:trojan-activity;sid:84503202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14022020071442/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640100/; classtype:trojan-activity;sid:84503200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640098/; classtype:trojan-activity;sid:84503198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640099/; classtype:trojan-activity;sid:84503199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12022020073613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640097/; classtype:trojan-activity;sid:84503197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640096/; classtype:trojan-activity;sid:84503196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020095020/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640095/; classtype:trojan-activity;sid:84503195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640093/; classtype:trojan-activity;sid:84503193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03072020085353/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640094/; classtype:trojan-activity;sid:84503194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05092019112011/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640092/; classtype:trojan-activity;sid:84503192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26092019111629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640085/; classtype:trojan-activity;sid:84503185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640086/; classtype:trojan-activity;sid:84503186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03112019104921/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640087/; classtype:trojan-activity;sid:84503187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01032020080703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640088/; classtype:trojan-activity;sid:84503188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/28102020082833/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640089/; classtype:trojan-activity;sid:84503189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640090/; classtype:trojan-activity;sid:84503190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640091/; classtype:trojan-activity;sid:84503191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640084/; classtype:trojan-activity;sid:84503184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640080/; classtype:trojan-activity;sid:84503180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640081/; classtype:trojan-activity;sid:84503181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11082019085643/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640082/; classtype:trojan-activity;sid:84503182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02122019084813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640083/; classtype:trojan-activity;sid:84503183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640078/; classtype:trojan-activity;sid:84503178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640079/; classtype:trojan-activity;sid:84503179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22092020082850/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640077/; classtype:trojan-activity;sid:84503177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/11-2019/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640076/; classtype:trojan-activity;sid:84503176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640075/; classtype:trojan-activity;sid:84503175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30092020084745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640073/; classtype:trojan-activity;sid:84503173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19022020075912/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640074/; classtype:trojan-activity;sid:84503174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03032020110952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640070/; classtype:trojan-activity;sid:84503170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27122019111157/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640071/; classtype:trojan-activity;sid:84503171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03102019083900/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640072/; classtype:trojan-activity;sid:84503172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09082019111333/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640068/; classtype:trojan-activity;sid:84503168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01112019083809/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640069/; classtype:trojan-activity;sid:84503169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26012020083237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640065/; classtype:trojan-activity;sid:84503165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640066/; classtype:trojan-activity;sid:84503166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14012020110758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640067/; classtype:trojan-activity;sid:84503167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04102019112220/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640063/; classtype:trojan-activity;sid:84503163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020111124/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640064/; classtype:trojan-activity;sid:84503164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15082019130601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640062/; classtype:trojan-activity;sid:84503162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019073226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640061/; classtype:trojan-activity;sid:84503161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21102020082747/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640060/; classtype:trojan-activity;sid:84503160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640058/; classtype:trojan-activity;sid:84503158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02092019094723/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640059/; classtype:trojan-activity;sid:84503159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08012020111051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640056/; classtype:trojan-activity;sid:84503156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020101303/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640057/; classtype:trojan-activity;sid:84503157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25092020083633/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640055/; classtype:trojan-activity;sid:84503155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640054/; classtype:trojan-activity;sid:84503154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640053/; classtype:trojan-activity;sid:84503153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640050/; classtype:trojan-activity;sid:84503150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640051/; classtype:trojan-activity;sid:84503151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640052/; classtype:trojan-activity;sid:84503152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640049/; classtype:trojan-activity;sid:84503149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08032020111951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640046/; classtype:trojan-activity;sid:84503146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18092020084619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640047/; classtype:trojan-activity;sid:84503147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640042/; classtype:trojan-activity;sid:84503142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24012020073245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640043/; classtype:trojan-activity;sid:84503143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26102020075621/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640044/; classtype:trojan-activity;sid:84503144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11092020083630/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640045/; classtype:trojan-activity;sid:84503145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/05012020072056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640041/; classtype:trojan-activity;sid:84503141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020074543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640040/; classtype:trojan-activity;sid:84503140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640038/; classtype:trojan-activity;sid:84503138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020084258/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640039/; classtype:trojan-activity;sid:84503139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26022020101729/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640034/; classtype:trojan-activity;sid:84503134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020081814/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640035/; classtype:trojan-activity;sid:84503135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640036/; classtype:trojan-activity;sid:84503136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10092019111201/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640037/; classtype:trojan-activity;sid:84503137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083552/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640030/; classtype:trojan-activity;sid:84503130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640031/; classtype:trojan-activity;sid:84503131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640032/; classtype:trojan-activity;sid:84503132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2020-10-08/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640033/; classtype:trojan-activity;sid:84503133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29122019114423/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640029/; classtype:trojan-activity;sid:84503129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640026/; classtype:trojan-activity;sid:84503126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640027/; classtype:trojan-activity;sid:84503127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09082019072718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640028/; classtype:trojan-activity;sid:84503128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640025/; classtype:trojan-activity;sid:84503125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17022020102857/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640024/; classtype:trojan-activity;sid:84503124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640022/; classtype:trojan-activity;sid:84503122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640023/; classtype:trojan-activity;sid:84503123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640021/; classtype:trojan-activity;sid:84503121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640019/; classtype:trojan-activity;sid:84503119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15082019144543/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640020/; classtype:trojan-activity;sid:84503120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/12-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640018/; classtype:trojan-activity;sid:84503118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640014/; classtype:trojan-activity;sid:84503114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13112020084009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640015/; classtype:trojan-activity;sid:84503115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20022020075703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640016/; classtype:trojan-activity;sid:84503116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640017/; classtype:trojan-activity;sid:84503117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/27102020082932/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640008/; classtype:trojan-activity;sid:84503108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640009/; classtype:trojan-activity;sid:84503109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03062020090829/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640010/; classtype:trojan-activity;sid:84503110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020094507/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640011/; classtype:trojan-activity;sid:84503111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21102020082929/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640012/; classtype:trojan-activity;sid:84503112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640013/; classtype:trojan-activity;sid:84503113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640007/; classtype:trojan-activity;sid:84503107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020100427/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640005/; classtype:trojan-activity;sid:84503105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23012020091928/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640006/; classtype:trojan-activity;sid:84503106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/inutiliza%c3%a7%c3%a3o/2020-04-03/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640002/; classtype:trojan-activity;sid:84503102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08092020083536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640003/; classtype:trojan-activity;sid:84503103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640004/; classtype:trojan-activity;sid:84503104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640000/; classtype:trojan-activity;sid:84503100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3640001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3640001/; classtype:trojan-activity;sid:84503101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639997/; classtype:trojan-activity;sid:84503097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020081552/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639998/; classtype:trojan-activity;sid:84503098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639999/; classtype:trojan-activity;sid:84503099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03092019105225/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639994/; classtype:trojan-activity;sid:84503094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020133808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639995/; classtype:trojan-activity;sid:84503095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17012020084051/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639996/; classtype:trojan-activity;sid:84503096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639989/; classtype:trojan-activity;sid:84503089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01102020083600/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639990/; classtype:trojan-activity;sid:84503090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13032020104927/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639991/; classtype:trojan-activity;sid:84503091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09112020083752/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639992/; classtype:trojan-activity;sid:84503092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020093848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639993/; classtype:trojan-activity;sid:84503093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24082020090248/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639978/; classtype:trojan-activity;sid:84503078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16112020080638/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639979/; classtype:trojan-activity;sid:84503079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08022020072445/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639980/; classtype:trojan-activity;sid:84503080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020083555/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639981/; classtype:trojan-activity;sid:84503081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05032020083908/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639982/; classtype:trojan-activity;sid:84503082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639983/; classtype:trojan-activity;sid:84503083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639984)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19062020090232/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639984/; classtype:trojan-activity;sid:84503084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26012020111351/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639985/; classtype:trojan-activity;sid:84503085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639986/; classtype:trojan-activity;sid:84503086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639987/; classtype:trojan-activity;sid:84503087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639988/; classtype:trojan-activity;sid:84503088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639977/; classtype:trojan-activity;sid:84503077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639972/; classtype:trojan-activity;sid:84503072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19092019074714/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639973/; classtype:trojan-activity;sid:84503073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21072020093617/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639974/; classtype:trojan-activity;sid:84503074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14082020081409/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639975/; classtype:trojan-activity;sid:84503075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10062020091936/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639976/; classtype:trojan-activity;sid:84503076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02082019112443/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639970/; classtype:trojan-activity;sid:84503070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/08082019111219/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639971/; classtype:trojan-activity;sid:84503071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639967/; classtype:trojan-activity;sid:84503067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020081931/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639968/; classtype:trojan-activity;sid:84503068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23122019110916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639969/; classtype:trojan-activity;sid:84503069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639966/; classtype:trojan-activity;sid:84503066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17112019083053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639963/; classtype:trojan-activity;sid:84503063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/27082020090628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639964/; classtype:trojan-activity;sid:84503064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639965/; classtype:trojan-activity;sid:84503065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13032020103807/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639958/; classtype:trojan-activity;sid:84503058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25112020082318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639959/; classtype:trojan-activity;sid:84503059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21012020074114/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639960/; classtype:trojan-activity;sid:84503060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639961/; classtype:trojan-activity;sid:84503061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020123215/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639962/; classtype:trojan-activity;sid:84503062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639956/; classtype:trojan-activity;sid:84503056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-02-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639957/; classtype:trojan-activity;sid:84503057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020104048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639955/; classtype:trojan-activity;sid:84503055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639950/; classtype:trojan-activity;sid:84503050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639951/; classtype:trojan-activity;sid:84503051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639952/; classtype:trojan-activity;sid:84503052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/22102019090025/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639953/; classtype:trojan-activity;sid:84503053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639954/; classtype:trojan-activity;sid:84503054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/13072020085649/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639949/; classtype:trojan-activity;sid:84503049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20112019075837/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639948/; classtype:trojan-activity;sid:84503048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/03112020074647/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639944/; classtype:trojan-activity;sid:84503044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639945/; classtype:trojan-activity;sid:84503045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639946/; classtype:trojan-activity;sid:84503046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639947/; classtype:trojan-activity;sid:84503047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019131545/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639934/; classtype:trojan-activity;sid:84503034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639935/; classtype:trojan-activity;sid:84503035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24122019093903/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639936/; classtype:trojan-activity;sid:84503036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20112020075653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639937/; classtype:trojan-activity;sid:84503037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639938/; classtype:trojan-activity;sid:84503038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639939/; classtype:trojan-activity;sid:84503039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639940/; classtype:trojan-activity;sid:84503040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020132949/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639941/; classtype:trojan-activity;sid:84503041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09032020100758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639942/; classtype:trojan-activity;sid:84503042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10082020090216/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639943/; classtype:trojan-activity;sid:84503043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08092020083658/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639933/; classtype:trojan-activity;sid:84503033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639932/; classtype:trojan-activity;sid:84503032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639930/; classtype:trojan-activity;sid:84503030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30012020110551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639931/; classtype:trojan-activity;sid:84503031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020094419/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639929/; classtype:trojan-activity;sid:84503029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17082020090142/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639927/; classtype:trojan-activity;sid:84503027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19032020083840/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639928/; classtype:trojan-activity;sid:84503028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639925/; classtype:trojan-activity;sid:84503025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639926/; classtype:trojan-activity;sid:84503026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639924/; classtype:trojan-activity;sid:84503024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07022020111253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639923/; classtype:trojan-activity;sid:84503023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639922/; classtype:trojan-activity;sid:84503022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639918/; classtype:trojan-activity;sid:84503018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22112019100951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639919/; classtype:trojan-activity;sid:84503019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13122019111206/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639920/; classtype:trojan-activity;sid:84503020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020074513/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639921/; classtype:trojan-activity;sid:84503021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639917/; classtype:trojan-activity;sid:84503017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020092636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639915/; classtype:trojan-activity;sid:84503015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639916/; classtype:trojan-activity;sid:84503016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/29102020082309/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639914/; classtype:trojan-activity;sid:84503014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639911)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06082020090718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639911/; classtype:trojan-activity;sid:84503011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639912/; classtype:trojan-activity;sid:84503012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639913/; classtype:trojan-activity;sid:84503013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639910/; classtype:trojan-activity;sid:84503010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639909/; classtype:trojan-activity;sid:84503009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639905/; classtype:trojan-activity;sid:84503005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/16102020083226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639906/; classtype:trojan-activity;sid:84503006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639907/; classtype:trojan-activity;sid:84503007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639904/; classtype:trojan-activity;sid:84503004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019122449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639903/; classtype:trojan-activity;sid:84503003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020103538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639902/; classtype:trojan-activity;sid:84503002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639901/; classtype:trojan-activity;sid:84503001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639895/; classtype:trojan-activity;sid:84502995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639896/; classtype:trojan-activity;sid:84502996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13122019135646/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639897/; classtype:trojan-activity;sid:84502997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05012020143813/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639898/; classtype:trojan-activity;sid:84502998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15102020085329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639899/; classtype:trojan-activity;sid:84502999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/27112019111246/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639900/; classtype:trojan-activity;sid:84503000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020083422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639887/; classtype:trojan-activity;sid:84502987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09012020110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639888/; classtype:trojan-activity;sid:84502988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18092019085852/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639889/; classtype:trojan-activity;sid:84502989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639890/; classtype:trojan-activity;sid:84502990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639891/; classtype:trojan-activity;sid:84502991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084523/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639892/; classtype:trojan-activity;sid:84502992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02012020110551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639893/; classtype:trojan-activity;sid:84502993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09072020081548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639894/; classtype:trojan-activity;sid:84502994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08112019085005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639883/; classtype:trojan-activity;sid:84502983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04112019081526/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639884/; classtype:trojan-activity;sid:84502984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639885/; classtype:trojan-activity;sid:84502985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25082020144130/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639886/; classtype:trojan-activity;sid:84502986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-10-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639882/; classtype:trojan-activity;sid:84502982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04092019110951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639879/; classtype:trojan-activity;sid:84502979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/30092019083849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639880/; classtype:trojan-activity;sid:84502980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639881/; classtype:trojan-activity;sid:84502981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/erro%20processo/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639877/; classtype:trojan-activity;sid:84502977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639878/; classtype:trojan-activity;sid:84502978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11112020082600/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639874/; classtype:trojan-activity;sid:84502974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/24012020111241/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639875/; classtype:trojan-activity;sid:84502975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-08-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639876/; classtype:trojan-activity;sid:84502976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639872/; classtype:trojan-activity;sid:84502972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639873/; classtype:trojan-activity;sid:84502973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14092020083253/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639869/; classtype:trojan-activity;sid:84502969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/09-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639870/; classtype:trojan-activity;sid:84502970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/05012020110642/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639871/; classtype:trojan-activity;sid:84502971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639868/; classtype:trojan-activity;sid:84502968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639866/; classtype:trojan-activity;sid:84502966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03032020102418/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639867/; classtype:trojan-activity;sid:84502967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639863/; classtype:trojan-activity;sid:84502963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639864/; classtype:trojan-activity;sid:84502964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20072020091121/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639865/; classtype:trojan-activity;sid:84502965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28012020073720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639861/; classtype:trojan-activity;sid:84502961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26082019084827/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639862/; classtype:trojan-activity;sid:84502962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16022020114143/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639857/; classtype:trojan-activity;sid:84502957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639858/; classtype:trojan-activity;sid:84502958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639859/; classtype:trojan-activity;sid:84502959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639860/; classtype:trojan-activity;sid:84502960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23112020082717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639855/; classtype:trojan-activity;sid:84502955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31072020085242/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639856/; classtype:trojan-activity;sid:84502956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04022020110839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639854/; classtype:trojan-activity;sid:84502954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15122019082345/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639853/; classtype:trojan-activity;sid:84502953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639852/; classtype:trojan-activity;sid:84502952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639851/; classtype:trojan-activity;sid:84502951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639850/; classtype:trojan-activity;sid:84502950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639847/; classtype:trojan-activity;sid:84502947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639848/; classtype:trojan-activity;sid:84502948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/23112020080128/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639849/; classtype:trojan-activity;sid:84502949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639845/; classtype:trojan-activity;sid:84502945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/30082019111821/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639846/; classtype:trojan-activity;sid:84502946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639843/; classtype:trojan-activity;sid:84502943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23102020113619/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639844/; classtype:trojan-activity;sid:84502944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19012020071358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639842/; classtype:trojan-activity;sid:84502942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23012020092152/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639840/; classtype:trojan-activity;sid:84502940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09112020084306/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639841/; classtype:trojan-activity;sid:84502941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/05102020083904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639833/; classtype:trojan-activity;sid:84502933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639834/; classtype:trojan-activity;sid:84502934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639835/; classtype:trojan-activity;sid:84502935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639836/; classtype:trojan-activity;sid:84502936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05102020081614/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639837/; classtype:trojan-activity;sid:84502937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639838/; classtype:trojan-activity;sid:84502938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21112019085916/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639839/; classtype:trojan-activity;sid:84502939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639829/; classtype:trojan-activity;sid:84502929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020075446/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639830/; classtype:trojan-activity;sid:84502930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639831/; classtype:trojan-activity;sid:84502931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/07102020082825/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639832/; classtype:trojan-activity;sid:84502932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17062020084859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639827/; classtype:trojan-activity;sid:84502927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639828/; classtype:trojan-activity;sid:84502928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07082020084250/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639819/; classtype:trojan-activity;sid:84502919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019110944/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639821/; classtype:trojan-activity;sid:84502921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639822/; classtype:trojan-activity;sid:84502922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639823/; classtype:trojan-activity;sid:84502923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639824/; classtype:trojan-activity;sid:84502924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639825/; classtype:trojan-activity;sid:84502925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639826/; classtype:trojan-activity;sid:84502926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639814/; classtype:trojan-activity;sid:84502914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23102019105245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639815/; classtype:trojan-activity;sid:84502915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639816/; classtype:trojan-activity;sid:84502916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20102019110029/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639817/; classtype:trojan-activity;sid:84502917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020073801/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639818/; classtype:trojan-activity;sid:84502918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-09-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639813/; classtype:trojan-activity;sid:84502913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639812/; classtype:trojan-activity;sid:84502912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639811/; classtype:trojan-activity;sid:84502911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/01-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639809/; classtype:trojan-activity;sid:84502909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639810/; classtype:trojan-activity;sid:84502910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01022020102637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639806/; classtype:trojan-activity;sid:84502906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19082020084933/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639807/; classtype:trojan-activity;sid:84502907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639808/; classtype:trojan-activity;sid:84502908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639804/; classtype:trojan-activity;sid:84502904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11032020103137/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639805/; classtype:trojan-activity;sid:84502905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639801/; classtype:trojan-activity;sid:84502901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/29022020081541/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639802/; classtype:trojan-activity;sid:84502902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29082019114231/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639803/; classtype:trojan-activity;sid:84502903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639798/; classtype:trojan-activity;sid:84502898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639799/; classtype:trojan-activity;sid:84502899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31012020085848/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639800/; classtype:trojan-activity;sid:84502900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020130026/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639796/; classtype:trojan-activity;sid:84502896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06082019113125/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639797/; classtype:trojan-activity;sid:84502897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020090205/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639795/; classtype:trojan-activity;sid:84502895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639794/; classtype:trojan-activity;sid:84502894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639788/; classtype:trojan-activity;sid:84502888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020095056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639789/; classtype:trojan-activity;sid:84502889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639790/; classtype:trojan-activity;sid:84502890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-05-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639791/; classtype:trojan-activity;sid:84502891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23102020082312/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639792/; classtype:trojan-activity;sid:84502892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639793)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639793/; classtype:trojan-activity;sid:84502893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639787/; classtype:trojan-activity;sid:84502887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/21092020083859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639785/; classtype:trojan-activity;sid:84502885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/03-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639786/; classtype:trojan-activity;sid:84502886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020084709/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639781/; classtype:trojan-activity;sid:84502881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16082019111904/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639782/; classtype:trojan-activity;sid:84502882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020115230/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639783/; classtype:trojan-activity;sid:84502883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10122019102551/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639784/; classtype:trojan-activity;sid:84502884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020083631/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639779/; classtype:trojan-activity;sid:84502879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10032020110052/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639780/; classtype:trojan-activity;sid:84502880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05102020084757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639771/; classtype:trojan-activity;sid:84502871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639772/; classtype:trojan-activity;sid:84502872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/03-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639773/; classtype:trojan-activity;sid:84502873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/24082020085902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639774/; classtype:trojan-activity;sid:84502874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639775/; classtype:trojan-activity;sid:84502875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639776/; classtype:trojan-activity;sid:84502876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/29102020082350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639777/; classtype:trojan-activity;sid:84502877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020090831/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639778/; classtype:trojan-activity;sid:84502878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639770/; classtype:trojan-activity;sid:84502870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20082019082941/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639767/; classtype:trojan-activity;sid:84502867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-10-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639768/; classtype:trojan-activity;sid:84502868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020103319/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639769/; classtype:trojan-activity;sid:84502869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020131117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639765/; classtype:trojan-activity;sid:84502865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06012020082718/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639766/; classtype:trojan-activity;sid:84502866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639760/; classtype:trojan-activity;sid:84502860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03082020122030/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639761/; classtype:trojan-activity;sid:84502861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639762/; classtype:trojan-activity;sid:84502862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639763/; classtype:trojan-activity;sid:84502863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102019084705/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639764/; classtype:trojan-activity;sid:84502864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639756/; classtype:trojan-activity;sid:84502856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639757/; classtype:trojan-activity;sid:84502857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639758/; classtype:trojan-activity;sid:84502858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639759/; classtype:trojan-activity;sid:84502859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639754/; classtype:trojan-activity;sid:84502854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30062020090329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639755/; classtype:trojan-activity;sid:84502855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639750/; classtype:trojan-activity;sid:84502850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-03-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639751/; classtype:trojan-activity;sid:84502851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15092019102909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639752/; classtype:trojan-activity;sid:84502852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20022020082342/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639753/; classtype:trojan-activity;sid:84502853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11092019111609/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639746/; classtype:trojan-activity;sid:84502846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04032020110636/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639747/; classtype:trojan-activity;sid:84502847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639748/; classtype:trojan-activity;sid:84502848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09092020083221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639749/; classtype:trojan-activity;sid:84502849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639744/; classtype:trojan-activity;sid:84502844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/15032020114400/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639745/; classtype:trojan-activity;sid:84502845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639742/; classtype:trojan-activity;sid:84502842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03082020084053/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639743/; classtype:trojan-activity;sid:84502843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639740/; classtype:trojan-activity;sid:84502840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639741/; classtype:trojan-activity;sid:84502841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08082019090911/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639737/; classtype:trojan-activity;sid:84502837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/11082020084800/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639738/; classtype:trojan-activity;sid:84502838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639739/; classtype:trojan-activity;sid:84502839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28092020085509/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639735/; classtype:trojan-activity;sid:84502835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06072020085729/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639736/; classtype:trojan-activity;sid:84502836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639731/; classtype:trojan-activity;sid:84502831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020072536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639732/; classtype:trojan-activity;sid:84502832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12032020083503/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639733/; classtype:trojan-activity;sid:84502833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18082019125623/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639734/; classtype:trojan-activity;sid:84502834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639729/; classtype:trojan-activity;sid:84502829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/18082020084703/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639730/; classtype:trojan-activity;sid:84502830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020082315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639728/; classtype:trojan-activity;sid:84502828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2019-08-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639725/; classtype:trojan-activity;sid:84502825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10092019085048/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639726/; classtype:trojan-activity;sid:84502826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639727/; classtype:trojan-activity;sid:84502827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03122019110948/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639719/; classtype:trojan-activity;sid:84502819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020120854/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639720/; classtype:trojan-activity;sid:84502820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639721/; classtype:trojan-activity;sid:84502821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639722/; classtype:trojan-activity;sid:84502822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639723/; classtype:trojan-activity;sid:84502823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020075736/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639724/; classtype:trojan-activity;sid:84502824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019135902/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639718/; classtype:trojan-activity;sid:84502818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/10082020090221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639716/; classtype:trojan-activity;sid:84502816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083700/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639717/; classtype:trojan-activity;sid:84502817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020083928/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639712/; classtype:trojan-activity;sid:84502812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/06-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639713/; classtype:trojan-activity;sid:84502813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639714/; classtype:trojan-activity;sid:84502814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639715/; classtype:trojan-activity;sid:84502815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639709/; classtype:trojan-activity;sid:84502809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02092019111329/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639710/; classtype:trojan-activity;sid:84502810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01062020092311/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639711/; classtype:trojan-activity;sid:84502811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639708/; classtype:trojan-activity;sid:84502808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24092020090102/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639699/; classtype:trojan-activity;sid:84502799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639700/; classtype:trojan-activity;sid:84502800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020101952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639701/; classtype:trojan-activity;sid:84502801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15092019133613/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639702/; classtype:trojan-activity;sid:84502802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639703/; classtype:trojan-activity;sid:84502803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11092020084854/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639704/; classtype:trojan-activity;sid:84502804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12012020111716/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639705/; classtype:trojan-activity;sid:84502805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639706/; classtype:trojan-activity;sid:84502806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639707/; classtype:trojan-activity;sid:84502807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/18062020084013/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639695/; classtype:trojan-activity;sid:84502795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020120603/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639696/; classtype:trojan-activity;sid:84502796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639697/; classtype:trojan-activity;sid:84502797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28072020084122/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639698/; classtype:trojan-activity;sid:84502798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020120024/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639694/; classtype:trojan-activity;sid:84502794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639692/; classtype:trojan-activity;sid:84502792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15092019081708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639693/; classtype:trojan-activity;sid:84502793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639689/; classtype:trojan-activity;sid:84502789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639690/; classtype:trojan-activity;sid:84502790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639691/; classtype:trojan-activity;sid:84502791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/22062020084643/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639688/; classtype:trojan-activity;sid:84502788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08102020083849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639687/; classtype:trojan-activity;sid:84502787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639682/; classtype:trojan-activity;sid:84502782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16082019085315/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639683/; classtype:trojan-activity;sid:84502783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21022020080853/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639684/; classtype:trojan-activity;sid:84502784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13022020102228/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639679/; classtype:trojan-activity;sid:84502779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14102019112118/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639680/; classtype:trojan-activity;sid:84502780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03102019112720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639681/; classtype:trojan-activity;sid:84502781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/10-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639678/; classtype:trojan-activity;sid:84502778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639676/; classtype:trojan-activity;sid:84502776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639677/; classtype:trojan-activity;sid:84502777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639674/; classtype:trojan-activity;sid:84502774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639675/; classtype:trojan-activity;sid:84502775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639669/; classtype:trojan-activity;sid:84502769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03112019070036/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639670/; classtype:trojan-activity;sid:84502770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03022020080535/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639671/; classtype:trojan-activity;sid:84502771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020095640/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639672/; classtype:trojan-activity;sid:84502772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639673/; classtype:trojan-activity;sid:84502773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020092254/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639667/; classtype:trojan-activity;sid:84502767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/03112020083749/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639668/; classtype:trojan-activity;sid:84502768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/12082020092141/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639663/; classtype:trojan-activity;sid:84502763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/25082020083852/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639664/; classtype:trojan-activity;sid:84502764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13022020084119/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639665/; classtype:trojan-activity;sid:84502765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11102019111952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639666/; classtype:trojan-activity;sid:84502766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639662/; classtype:trojan-activity;sid:84502762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/01/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639661/; classtype:trojan-activity;sid:84502761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14092020084203/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639660/; classtype:trojan-activity;sid:84502760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639654/; classtype:trojan-activity;sid:84502754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/10112020084012/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639655/; classtype:trojan-activity;sid:84502755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28122019084412/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639656/; classtype:trojan-activity;sid:84502756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/18082019110715/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639657/; classtype:trojan-activity;sid:84502757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639658/; classtype:trojan-activity;sid:84502758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04112020082536/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639659/; classtype:trojan-activity;sid:84502759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639649/; classtype:trojan-activity;sid:84502749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639650/; classtype:trojan-activity;sid:84502750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14092019094403/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639651/; classtype:trojan-activity;sid:84502751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09092020085507/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639652/; classtype:trojan-activity;sid:84502752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639653/; classtype:trojan-activity;sid:84502753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639646/; classtype:trojan-activity;sid:84502746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639647/; classtype:trojan-activity;sid:84502747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26022020102752/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639648/; classtype:trojan-activity;sid:84502748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/26082020084204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639641/; classtype:trojan-activity;sid:84502741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04052020134759/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639642/; classtype:trojan-activity;sid:84502742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10022020115748/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639643/; classtype:trojan-activity;sid:84502743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24102019081656/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639644/; classtype:trojan-activity;sid:84502744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639645/; classtype:trojan-activity;sid:84502745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639638/; classtype:trojan-activity;sid:84502738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639639/; classtype:trojan-activity;sid:84502739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639640/; classtype:trojan-activity;sid:84502740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/08-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639632/; classtype:trojan-activity;sid:84502732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639633/; classtype:trojan-activity;sid:84502733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639634/; classtype:trojan-activity;sid:84502734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020113111/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639635/; classtype:trojan-activity;sid:84502735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04082020085059/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639636/; classtype:trojan-activity;sid:84502736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639637/; classtype:trojan-activity;sid:84502737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/16112020081236/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639631/; classtype:trojan-activity;sid:84502731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11022020082009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639629/; classtype:trojan-activity;sid:84502729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075923/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639630/; classtype:trojan-activity;sid:84502730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/cancelamento/2020-10-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639616/; classtype:trojan-activity;sid:84502716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01072020094018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639617/; classtype:trojan-activity;sid:84502717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639618)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639618/; classtype:trojan-activity;sid:84502718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/08092020084724/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639619/; classtype:trojan-activity;sid:84502719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-06-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639620/; classtype:trojan-activity;sid:84502720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639621/; classtype:trojan-activity;sid:84502721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08012020074226/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639622/; classtype:trojan-activity;sid:84502722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639623/; classtype:trojan-activity;sid:84502723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/12112019075105/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639624/; classtype:trojan-activity;sid:84502724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639625/; classtype:trojan-activity;sid:84502725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020105757/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639626/; classtype:trojan-activity;sid:84502726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/recep%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639627/; classtype:trojan-activity;sid:84502727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639628/; classtype:trojan-activity;sid:84502728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639613/; classtype:trojan-activity;sid:84502713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-08-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639614/; classtype:trojan-activity;sid:84502714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639615/; classtype:trojan-activity;sid:84502715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639611/; classtype:trojan-activity;sid:84502711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20102019112719/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639612/; classtype:trojan-activity;sid:84502712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639609/; classtype:trojan-activity;sid:84502709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/30072020090333/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639610/; classtype:trojan-activity;sid:84502710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17122019110717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639608/; classtype:trojan-activity;sid:84502708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09092019111637/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639606/; classtype:trojan-activity;sid:84502706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/27/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639607/; classtype:trojan-activity;sid:84502707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639605/; classtype:trojan-activity;sid:84502705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639603/; classtype:trojan-activity;sid:84502703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/29092019110355/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639604/; classtype:trojan-activity;sid:84502704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15022020102448/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639602/; classtype:trojan-activity;sid:84502702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20012020114823/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639601/; classtype:trojan-activity;sid:84502701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/02122019110838/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639598/; classtype:trojan-activity;sid:84502698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639599/; classtype:trojan-activity;sid:84502699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17112020082540/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639600/; classtype:trojan-activity;sid:84502700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639597/; classtype:trojan-activity;sid:84502697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639589/; classtype:trojan-activity;sid:84502689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03032020074449/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639590/; classtype:trojan-activity;sid:84502690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-02-21/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639591/; classtype:trojan-activity;sid:84502691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05112020085426/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639592/; classtype:trojan-activity;sid:84502692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639593/; classtype:trojan-activity;sid:84502693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/21082019085347/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639594/; classtype:trojan-activity;sid:84502694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639595/; classtype:trojan-activity;sid:84502695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639596/; classtype:trojan-activity;sid:84502696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639587)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2019-10-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639587/; classtype:trojan-activity;sid:84502687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639588/; classtype:trojan-activity;sid:84502688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20032020081408/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639583/; classtype:trojan-activity;sid:84502683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639584/; classtype:trojan-activity;sid:84502684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04082019084655/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639585/; classtype:trojan-activity;sid:84502685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639586/; classtype:trojan-activity;sid:84502686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/31102019072830/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639581/; classtype:trojan-activity;sid:84502681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639582/; classtype:trojan-activity;sid:84502682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639577/; classtype:trojan-activity;sid:84502677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639578/; classtype:trojan-activity;sid:84502678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/03-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639579/; classtype:trojan-activity;sid:84502679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/31082020083341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639580/; classtype:trojan-activity;sid:84502680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639575/; classtype:trojan-activity;sid:84502675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22082019075937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639576/; classtype:trojan-activity;sid:84502676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09022020111331/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639571/; classtype:trojan-activity;sid:84502671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/22092019110841/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639572/; classtype:trojan-activity;sid:84502672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639573/; classtype:trojan-activity;sid:84502673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639574/; classtype:trojan-activity;sid:84502674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639568/; classtype:trojan-activity;sid:84502668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639569/; classtype:trojan-activity;sid:84502669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639570/; classtype:trojan-activity;sid:84502670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639566/; classtype:trojan-activity;sid:84502666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/26092019080641/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639567/; classtype:trojan-activity;sid:84502667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639565/; classtype:trojan-activity;sid:84502665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639563/; classtype:trojan-activity;sid:84502663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04022020073214/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639564/; classtype:trojan-activity;sid:84502664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639562/; classtype:trojan-activity;sid:84502662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10082020111337/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639556/; classtype:trojan-activity;sid:84502656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639557/; classtype:trojan-activity;sid:84502657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639558/; classtype:trojan-activity;sid:84502658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/19012020102742/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639559/; classtype:trojan-activity;sid:84502659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/12-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639560/; classtype:trojan-activity;sid:84502660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28082020083744/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639561/; classtype:trojan-activity;sid:84502661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020113717/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639555/; classtype:trojan-activity;sid:84502655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/02/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639554/; classtype:trojan-activity;sid:84502654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/09102020082318/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639546/; classtype:trojan-activity;sid:84502646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020072707/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639547/; classtype:trojan-activity;sid:84502647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/01092020082442/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639548/; classtype:trojan-activity;sid:84502648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/2020-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639549/; classtype:trojan-activity;sid:84502649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/03-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639550/; classtype:trojan-activity;sid:84502650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639551/; classtype:trojan-activity;sid:84502651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020130002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639552/; classtype:trojan-activity;sid:84502652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/16112020081243/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639553/; classtype:trojan-activity;sid:84502653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639543)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2020/28/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639543/; classtype:trojan-activity;sid:84502643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-02-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639544/; classtype:trojan-activity;sid:84502644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/01092019071953/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639545/; classtype:trojan-activity;sid:84502645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639542/; classtype:trojan-activity;sid:84502642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/04/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639541/; classtype:trojan-activity;sid:84502641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639539/; classtype:trojan-activity;sid:84502639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639540)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/05102020083859/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639540/; classtype:trojan-activity;sid:84502640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020111707/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639534/; classtype:trojan-activity;sid:84502634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639535/; classtype:trojan-activity;sid:84502635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/20112019100256/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639536/; classtype:trojan-activity;sid:84502636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22092019074945/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639537/; classtype:trojan-activity;sid:84502637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639538)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/12112020084702/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639538/; classtype:trojan-activity;sid:84502638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020092440/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639528/; classtype:trojan-activity;sid:84502628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19102020080704/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639529/; classtype:trojan-activity;sid:84502629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639530/; classtype:trojan-activity;sid:84502630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639531/; classtype:trojan-activity;sid:84502631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639532/; classtype:trojan-activity;sid:84502632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04082020083144/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639533/; classtype:trojan-activity;sid:84502633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/12-2019/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639527/; classtype:trojan-activity;sid:84502627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639526/; classtype:trojan-activity;sid:84502626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/11082020091056/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639525/; classtype:trojan-activity;sid:84502625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/28072020084117/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639524/; classtype:trojan-activity;sid:84502624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/21092020082654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639519/; classtype:trojan-activity;sid:84502619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639520/; classtype:trojan-activity;sid:84502620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/14102020092025/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639521/; classtype:trojan-activity;sid:84502621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17112019081221/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639522/; classtype:trojan-activity;sid:84502622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/10/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639523/; classtype:trojan-activity;sid:84502623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639517/; classtype:trojan-activity;sid:84502617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/14/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639518/; classtype:trojan-activity;sid:84502618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/26112020083005/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639512/; classtype:trojan-activity;sid:84502612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/02092020090350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639513/; classtype:trojan-activity;sid:84502613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639514/; classtype:trojan-activity;sid:84502614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/23112020082726/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639515/; classtype:trojan-activity;sid:84502615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020125802/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639516/; classtype:trojan-activity;sid:84502616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/23102019132849/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639511/; classtype:trojan-activity;sid:84502611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06092019110358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639508/; classtype:trojan-activity;sid:84502608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/16032020100222/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639509/; classtype:trojan-activity;sid:84502609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639510/; classtype:trojan-activity;sid:84502610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639506/; classtype:trojan-activity;sid:84502606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/27012020075725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639507/; classtype:trojan-activity;sid:84502607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12032020111238/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639503/; classtype:trojan-activity;sid:84502603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639504/; classtype:trojan-activity;sid:84502604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/24092019102653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639505/; classtype:trojan-activity;sid:84502605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639501)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09022020144937/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639501/; classtype:trojan-activity;sid:84502601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09062020113808/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639502/; classtype:trojan-activity;sid:84502602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/17022020073339/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639500/; classtype:trojan-activity;sid:84502600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/03/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639498/; classtype:trojan-activity;sid:84502598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/18012020073616/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639499/; classtype:trojan-activity;sid:84502599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26112019110601/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639497/; classtype:trojan-activity;sid:84502597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639495/; classtype:trojan-activity;sid:84502595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639496/; classtype:trojan-activity;sid:84502596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/28092020084805/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639492/; classtype:trojan-activity;sid:84502592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06112020083335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639493/; classtype:trojan-activity;sid:84502593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639494/; classtype:trojan-activity;sid:84502594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/0011/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639483/; classtype:trojan-activity;sid:84502583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09012020103652/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639484/; classtype:trojan-activity;sid:84502584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/03022020112951/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639485/; classtype:trojan-activity;sid:84502585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639486/; classtype:trojan-activity;sid:84502586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/07102019113952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639487/; classtype:trojan-activity;sid:84502587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/19112020084628/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639488/; classtype:trojan-activity;sid:84502588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639489/; classtype:trojan-activity;sid:84502589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020120909/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639490/; classtype:trojan-activity;sid:84502590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639491/; classtype:trojan-activity;sid:84502591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/10-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639482/; classtype:trojan-activity;sid:84502582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/02032020083839/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639481/; classtype:trojan-activity;sid:84502581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/08032020103000/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639479/; classtype:trojan-activity;sid:84502579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639480/; classtype:trojan-activity;sid:84502580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15092020083724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639474/; classtype:trojan-activity;sid:84502574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/02022020110300/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639475/; classtype:trojan-activity;sid:84502575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10092020082952/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639476/; classtype:trojan-activity;sid:84502576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639477)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/09022020080642/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639477/; classtype:trojan-activity;sid:84502577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-11-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639478/; classtype:trojan-activity;sid:84502578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/09/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639471/; classtype:trojan-activity;sid:84502571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639472/; classtype:trojan-activity;sid:84502572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04012020083204/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639473/; classtype:trojan-activity;sid:84502573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639467/; classtype:trojan-activity;sid:84502567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22012020081724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639468/; classtype:trojan-activity;sid:84502568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/03112020074640/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639469/; classtype:trojan-activity;sid:84502569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/07-2020/15/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639470/; classtype:trojan-activity;sid:84502570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/20072020090223/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639466/; classtype:trojan-activity;sid:84502566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/08/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639464/; classtype:trojan-activity;sid:84502564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/10-2019/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639465/; classtype:trojan-activity;sid:84502565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020122058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639463/; classtype:trojan-activity;sid:84502563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-06-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639460/; classtype:trojan-activity;sid:84502560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639461/; classtype:trojan-activity;sid:84502561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/01-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639462/; classtype:trojan-activity;sid:84502562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/12-2019/06/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639458/; classtype:trojan-activity;sid:84502558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/06102020083538/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639459/; classtype:trojan-activity;sid:84502559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25112020083803/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639457/; classtype:trojan-activity;sid:84502557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020105330/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639449/; classtype:trojan-activity;sid:84502549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/04062020092328/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639450/; classtype:trojan-activity;sid:84502550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/11-2019/12/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639451/; classtype:trojan-activity;sid:84502551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/11-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639452/; classtype:trojan-activity;sid:84502552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/17032020085116/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639453/; classtype:trojan-activity;sid:84502553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/22122019073549/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639454/; classtype:trojan-activity;sid:84502554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06112019135438/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639455/; classtype:trojan-activity;sid:84502555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/06-2020/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639456/; classtype:trojan-activity;sid:84502556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639445/; classtype:trojan-activity;sid:84502545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639446/; classtype:trojan-activity;sid:84502546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/25/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639447/; classtype:trojan-activity;sid:84502547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/11032020091921/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639448/; classtype:trojan-activity;sid:84502548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/03092019103102/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639444/; classtype:trojan-activity;sid:84502544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/11112020084111/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639442/; classtype:trojan-activity;sid:84502542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639443/; classtype:trojan-activity;sid:84502543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23122019073604/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639439/; classtype:trojan-activity;sid:84502539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/09-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639440/; classtype:trojan-activity;sid:84502540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/14102020092022/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639441/; classtype:trojan-activity;sid:84502541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2019-08-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639436/; classtype:trojan-activity;sid:84502536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2019/31/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639437/; classtype:trojan-activity;sid:84502537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/14102020102401/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639438/; classtype:trojan-activity;sid:84502538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/14082019090706/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639433/; classtype:trojan-activity;sid:84502533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20102020075126/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639434/; classtype:trojan-activity;sid:84502534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/29/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639435/; classtype:trojan-activity;sid:84502535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639431)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/4_0_30319/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639431/; classtype:trojan-activity;sid:84502531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/01-2020/05/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639432/; classtype:trojan-activity;sid:84502532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-08-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639428/; classtype:trojan-activity;sid:84502528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/13012020080237/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639429/; classtype:trojan-activity;sid:84502529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/06092019111336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639430/; classtype:trojan-activity;sid:84502530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-07-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639423/; classtype:trojan-activity;sid:84502523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10072020093358/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639424/; classtype:trojan-activity;sid:84502524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/17072020085911/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639425/; classtype:trojan-activity;sid:84502525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30062020102002/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639426/; classtype:trojan-activity;sid:84502526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/05-2020/16/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639427/; classtype:trojan-activity;sid:84502527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/09102019112058/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639421/; classtype:trojan-activity;sid:84502521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639422/; classtype:trojan-activity;sid:84502522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/23022020072403/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639418/; classtype:trojan-activity;sid:84502518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/14022020072009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639419/; classtype:trojan-activity;sid:84502519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10022020130325/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639420/; classtype:trojan-activity;sid:84502520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/2020-11-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639416/; classtype:trojan-activity;sid:84502516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16022020064123/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639417/; classtype:trojan-activity;sid:84502517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/04-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639415/; classtype:trojan-activity;sid:84502515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/13072020085518/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639412/; classtype:trojan-activity;sid:84502512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/20112020083816/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639413/; classtype:trojan-activity;sid:84502513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11022020111009/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639414/; classtype:trojan-activity;sid:84502514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639411/; classtype:trojan-activity;sid:84502511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639409)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/20122019073158/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639409/; classtype:trojan-activity;sid:84502509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639410)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/11/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639410/; classtype:trojan-activity;sid:84502510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19082020090548/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639402/; classtype:trojan-activity;sid:84502502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/06-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639403/; classtype:trojan-activity;sid:84502503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/15062020134851/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639404/; classtype:trojan-activity;sid:84502504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639405)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/10082020090720/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639405/; classtype:trojan-activity;sid:84502505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/24/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639406/; classtype:trojan-activity;sid:84502506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639407/; classtype:trojan-activity;sid:84502507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/04082019113653/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639408/; classtype:trojan-activity;sid:84502508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/07-2020/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639398/; classtype:trojan-activity;sid:84502498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/09-2019/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639399/; classtype:trojan-activity;sid:84502499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/11112019111724/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639400/; classtype:trojan-activity;sid:84502500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/06102020082316/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639401/; classtype:trojan-activity;sid:84502501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/carta%20de%20corre%c3%a7%c3%a3o/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639394/; classtype:trojan-activity;sid:84502494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/11-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639395/; classtype:trojan-activity;sid:84502495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/19102020081725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639396/; classtype:trojan-activity;sid:84502496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/25082020083625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639397/; classtype:trojan-activity;sid:84502497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/05112020082645/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639391/; classtype:trojan-activity;sid:84502491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08072020083929/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639392/; classtype:trojan-activity;sid:84502492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639393)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/08102020081012/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639393/; classtype:trojan-activity;sid:84502493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/03-2020/13/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639389/; classtype:trojan-activity;sid:84502489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/09102020084804/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639390/; classtype:trojan-activity;sid:84502490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/30102020083436/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639388/; classtype:trojan-activity;sid:84502488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/02-2020/21/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639386/; classtype:trojan-activity;sid:84502486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/16012020080702/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639387/; classtype:trojan-activity;sid:84502487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/02-2020/26/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639385/; classtype:trojan-activity;sid:84502485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/28012020074027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639382/; classtype:trojan-activity;sid:84502482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/07102020094534/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639383/; classtype:trojan-activity;sid:84502483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/24082020084629/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639384/; classtype:trojan-activity;sid:84502484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/15092020083729/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639378/; classtype:trojan-activity;sid:84502478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/10012020103245/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639379/; classtype:trojan-activity;sid:84502479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/21102019084027/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639380/; classtype:trojan-activity;sid:84502480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/04112019084708/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639381/; classtype:trojan-activity;sid:84502481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/01-2020/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639376/; classtype:trojan-activity;sid:84502476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639377/; classtype:trojan-activity;sid:84502477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/08-2020/23/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639375/; classtype:trojan-activity;sid:84502475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/17022020102208/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639373/; classtype:trojan-activity;sid:84502473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/26082019085422/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639374/; classtype:trojan-activity;sid:84502474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/28112019111235/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639370/; classtype:trojan-activity;sid:84502470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/07072020090050/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639371/; classtype:trojan-activity;sid:84502471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639372)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/teste/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639372/; classtype:trojan-activity;sid:84502472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/12112020084708/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639364/; classtype:trojan-activity;sid:84502464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/08-2019/19/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639365/; classtype:trojan-activity;sid:84502465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/08062020123608/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639366/; classtype:trojan-activity;sid:84502466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/30092020104616/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639367/; classtype:trojan-activity;sid:84502467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10032020110725/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639368/; classtype:trojan-activity;sid:84502468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639369/; classtype:trojan-activity;sid:84502469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/15012020080122/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639363/; classtype:trojan-activity;sid:84502463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639361)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/10022020110654/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639361/; classtype:trojan-activity;sid:84502461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/13112019094121/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639362/; classtype:trojan-activity;sid:84502462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0022/001/10-2019/30/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639355/; classtype:trojan-activity;sid:84502455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0021/31082020082335/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639356/; classtype:trojan-activity;sid:84502456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/01092019100736/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639357/; classtype:trojan-activity;sid:84502457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/0021/24092020090107/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639358/; classtype:trojan-activity;sid:84502458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/cancelamento/2020-01-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639359/; classtype:trojan-activity;sid:84502459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/07/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639360/; classtype:trojan-activity;sid:84502460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085336/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639354/; classtype:trojan-activity;sid:84502454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639353/; classtype:trojan-activity;sid:84502453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0021/001/03-2020/18/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639352/; classtype:trojan-activity;sid:84502452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0020/001/11-2019/17/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639348/; classtype:trojan-activity;sid:84502448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/08-2019/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639349/; classtype:trojan-activity;sid:84502449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639350)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0011/01092020083825/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639350/; classtype:trojan-activity;sid:84502450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/25022020103040/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639351/; classtype:trojan-activity;sid:84502451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0022/12112019111758/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639346/; classtype:trojan-activity;sid:84502446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/001/09-2019/22/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639347/; classtype:trojan-activity;sid:84502447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/10-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639345/; classtype:trojan-activity;sid:84502445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/06022020085018/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639344/; classtype:trojan-activity;sid:84502444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/02/encerramento/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639343/; classtype:trojan-activity;sid:84502443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/0020/04032020080357/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639341/; classtype:trojan-activity;sid:84502441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/log_ajustefos/0011/002/09-2019/20/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639342/; classtype:trojan-activity;sid:84502442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15_5vja6ls72gnqbjqkrme1i7bmit0fe4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639311/; classtype:trojan-activity;sid:84502411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639250)"; flow:established,from_client; content:"GET"; http_method; content:"/zrrf0ise1epm2m0.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639250/; classtype:trojan-activity;sid:84502350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639248)"; flow:established,from_client; content:"GET"; http_method; content:"/pcfxfbjllyual81.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639248/; classtype:trojan-activity;sid:84502348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639226)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639226/; classtype:trojan-activity;sid:84502326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639235/; classtype:trojan-activity;sid:84502335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639218)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639218/; classtype:trojan-activity;sid:84502318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639207)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639207/; classtype:trojan-activity;sid:84502307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639208)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639208/; classtype:trojan-activity;sid:84502308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639183)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639183/; classtype:trojan-activity;sid:84502283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639194)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639194/; classtype:trojan-activity;sid:84502294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639197/; classtype:trojan-activity;sid:84502297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639204)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639204/; classtype:trojan-activity;sid:84502304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639179/; classtype:trojan-activity;sid:84502279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639163)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639163/; classtype:trojan-activity;sid:84502263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639127)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639127/; classtype:trojan-activity;sid:84502227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639129/; classtype:trojan-activity;sid:84502229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639131)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639131/; classtype:trojan-activity;sid:84502231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639135)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639135/; classtype:trojan-activity;sid:84502235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639138)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639138/; classtype:trojan-activity;sid:84502238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639152)"; flow:established,from_client; content:"GET"; http_method; content:"/unhanaaw.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639152/; classtype:trojan-activity;sid:84502252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639107)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639107/; classtype:trojan-activity;sid:84502207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639097)"; flow:established,from_client; content:"GET"; http_method; content:"/qudette/2wcwjxtg2340akf/releases/download/notmainrepo/setup.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639097/; classtype:trojan-activity;sid:84502197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639005/; classtype:trojan-activity;sid:84502105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637224)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.100021.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637224/; classtype:trojan-activity;sid:84500324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637222)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/vcruntime140.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"51.178.30.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637222/; classtype:trojan-activity;sid:84500322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637210)"; flow:established,from_client; content:"GET"; http_method; content:"/images/bot.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"atasapka.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637210/; classtype:trojan-activity;sid:84500310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23082024105108/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637189/; classtype:trojan-activity;sid:84500289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26072024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637188/; classtype:trojan-activity;sid:84500288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19092024115007/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637186/; classtype:trojan-activity;sid:84500286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024081607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637187/; classtype:trojan-activity;sid:84500287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12062024095414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637185/; classtype:trojan-activity;sid:84500285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27082024072850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637184/; classtype:trojan-activity;sid:84500284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12082024064105/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637183/; classtype:trojan-activity;sid:84500283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16082024070308/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637182/; classtype:trojan-activity;sid:84500282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13092024072525/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637181/; classtype:trojan-activity;sid:84500281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024115252/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637180/; classtype:trojan-activity;sid:84500280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21072024112418/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637179/; classtype:trojan-activity;sid:84500279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16082024104510/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637178/; classtype:trojan-activity;sid:84500278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637177/; classtype:trojan-activity;sid:84500277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024104005/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637176/; classtype:trojan-activity;sid:84500276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8343/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637175/; classtype:trojan-activity;sid:84500275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024173844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637174/; classtype:trojan-activity;sid:84500274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024180426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637173/; classtype:trojan-activity;sid:84500273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024101008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637172/; classtype:trojan-activity;sid:84500272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637171/; classtype:trojan-activity;sid:84500271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024074431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637170/; classtype:trojan-activity;sid:84500270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024171022/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637168/; classtype:trojan-activity;sid:84500268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11072024080039/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637169/; classtype:trojan-activity;sid:84500269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12092024113946/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637167/; classtype:trojan-activity;sid:84500267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637166/; classtype:trojan-activity;sid:84500266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024104931/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637165/; classtype:trojan-activity;sid:84500265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12072024075828/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637164/; classtype:trojan-activity;sid:84500264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11092024115504/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637163/; classtype:trojan-activity;sid:84500263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637160/; classtype:trojan-activity;sid:84500260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024114132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637161/; classtype:trojan-activity;sid:84500261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8465/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637162/; classtype:trojan-activity;sid:84500262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25062024073012/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637159/; classtype:trojan-activity;sid:84500259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024110431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637158/; classtype:trojan-activity;sid:84500258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024091401/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637157/; classtype:trojan-activity;sid:84500257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024124718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637153/; classtype:trojan-activity;sid:84500253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024185433/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637154/; classtype:trojan-activity;sid:84500254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09072024110245/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637155/; classtype:trojan-activity;sid:84500255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09092024072321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637149/; classtype:trojan-activity;sid:84500249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024180909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637150/; classtype:trojan-activity;sid:84500250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24092024073908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637151/; classtype:trojan-activity;sid:84500251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19062024071831/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637147/; classtype:trojan-activity;sid:84500247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21092024114951/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637148/; classtype:trojan-activity;sid:84500248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30062024113348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637145/; classtype:trojan-activity;sid:84500245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024113047/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637146/; classtype:trojan-activity;sid:84500246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04092024120154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637144/; classtype:trojan-activity;sid:84500244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01082024110241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637143/; classtype:trojan-activity;sid:84500243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14072024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637141/; classtype:trojan-activity;sid:84500241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024185045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637142/; classtype:trojan-activity;sid:84500242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19062024103023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637138/; classtype:trojan-activity;sid:84500238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06092024072348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637139/; classtype:trojan-activity;sid:84500239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024070625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637140/; classtype:trojan-activity;sid:84500240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18072024112759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637137/; classtype:trojan-activity;sid:84500237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024155154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637136/; classtype:trojan-activity;sid:84500236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024113426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637135/; classtype:trojan-activity;sid:84500235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024113602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637133/; classtype:trojan-activity;sid:84500233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024163408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637134/; classtype:trojan-activity;sid:84500234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024110351/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637130/; classtype:trojan-activity;sid:84500230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024181446/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637131/; classtype:trojan-activity;sid:84500231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024115142/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637129/; classtype:trojan-activity;sid:84500229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09092024091444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637128/; classtype:trojan-activity;sid:84500228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23082024071038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637127/; classtype:trojan-activity;sid:84500227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181518/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637122/; classtype:trojan-activity;sid:84500222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024120940/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637123/; classtype:trojan-activity;sid:84500223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112235/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637124/; classtype:trojan-activity;sid:84500224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17092024073614/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637125/; classtype:trojan-activity;sid:84500225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024122457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637120/; classtype:trojan-activity;sid:84500220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024112532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637117/; classtype:trojan-activity;sid:84500217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24062024072602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637118/; classtype:trojan-activity;sid:84500218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12092024070406/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637119/; classtype:trojan-activity;sid:84500219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024143513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637115/; classtype:trojan-activity;sid:84500215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024081755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637116/; classtype:trojan-activity;sid:84500216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024120234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637114/; classtype:trojan-activity;sid:84500214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024123916/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637113/; classtype:trojan-activity;sid:84500213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29082024122318/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637110/; classtype:trojan-activity;sid:84500210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/15072024080426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637111/; classtype:trojan-activity;sid:84500211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22092024115602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637112/; classtype:trojan-activity;sid:84500212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024125302/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637109/; classtype:trojan-activity;sid:84500209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637107/; classtype:trojan-activity;sid:84500207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16092024115114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637108/; classtype:trojan-activity;sid:84500208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/31072024070936/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637105/; classtype:trojan-activity;sid:84500205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17092024104334/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637106/; classtype:trojan-activity;sid:84500206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024072447/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637104/; classtype:trojan-activity;sid:84500204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024065930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637103/; classtype:trojan-activity;sid:84500203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024133101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637101/; classtype:trojan-activity;sid:84500201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02082024083649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637099/; classtype:trojan-activity;sid:84500199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024182036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637100/; classtype:trojan-activity;sid:84500200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19072024071620/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637098/; classtype:trojan-activity;sid:84500198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8029/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637096/; classtype:trojan-activity;sid:84500196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25092024150814/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637097/; classtype:trojan-activity;sid:84500197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024102505/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637092/; classtype:trojan-activity;sid:84500192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024131015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637093/; classtype:trojan-activity;sid:84500193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024084956/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637094/; classtype:trojan-activity;sid:84500194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25062024105808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637090/; classtype:trojan-activity;sid:84500190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04092024072725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637091/; classtype:trojan-activity;sid:84500191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20062024112748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637089/; classtype:trojan-activity;sid:84500189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024103622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637087/; classtype:trojan-activity;sid:84500187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16082024121016/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637088/; classtype:trojan-activity;sid:84500188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24092024103551/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637085/; classtype:trojan-activity;sid:84500185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024080017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637086/; classtype:trojan-activity;sid:84500186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024081535/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637082/; classtype:trojan-activity;sid:84500182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26072024111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637083/; classtype:trojan-activity;sid:84500183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637084/; classtype:trojan-activity;sid:84500184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637081)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/tek/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637081/; classtype:trojan-activity;sid:84500181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11092024075310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637080/; classtype:trojan-activity;sid:84500180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24072024121144/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637076/; classtype:trojan-activity;sid:84500176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637077)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/badmail/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637077/; classtype:trojan-activity;sid:84500177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06082024080109/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637078/; classtype:trojan-activity;sid:84500178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12072024072413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637079/; classtype:trojan-activity;sid:84500179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024071151/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637073/; classtype:trojan-activity;sid:84500173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024073559/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637074/; classtype:trojan-activity;sid:84500174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/18072024083258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637070/; classtype:trojan-activity;sid:84500170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024084736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637069/; classtype:trojan-activity;sid:84500169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024072046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637067/; classtype:trojan-activity;sid:84500167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08072024110224/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637068/; classtype:trojan-activity;sid:84500168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02092024075924/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637065/; classtype:trojan-activity;sid:84500165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30082024115734/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637064/; classtype:trojan-activity;sid:84500164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024075958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637062/; classtype:trojan-activity;sid:84500162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024173545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637063/; classtype:trojan-activity;sid:84500163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/06092024074954/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637060/; classtype:trojan-activity;sid:84500160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024112958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637056/; classtype:trojan-activity;sid:84500156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024180827/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637057/; classtype:trojan-activity;sid:84500157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05092024073851/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637058/; classtype:trojan-activity;sid:84500158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024175914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637055/; classtype:trojan-activity;sid:84500155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024181015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637054/; classtype:trojan-activity;sid:84500154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09082024151247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637053/; classtype:trojan-activity;sid:84500153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024135901/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637052/; classtype:trojan-activity;sid:84500152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04072024073930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637050/; classtype:trojan-activity;sid:84500150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024111013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637051/; classtype:trojan-activity;sid:84500151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28092024110908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637047/; classtype:trojan-activity;sid:84500147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024124213/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637048/; classtype:trojan-activity;sid:84500148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024074659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637049/; classtype:trojan-activity;sid:84500149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024071203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637046/; classtype:trojan-activity;sid:84500146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024163133/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637044/; classtype:trojan-activity;sid:84500144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25092024084516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637045/; classtype:trojan-activity;sid:84500145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024134811/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637042/; classtype:trojan-activity;sid:84500142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637037/; classtype:trojan-activity;sid:84500137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26062024074615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637038/; classtype:trojan-activity;sid:84500138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20072024103050/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637039/; classtype:trojan-activity;sid:84500139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02072024072748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637040/; classtype:trojan-activity;sid:84500140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17092024073317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637041/; classtype:trojan-activity;sid:84500141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024124018/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637036/; classtype:trojan-activity;sid:84500136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27092024120719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637034/; classtype:trojan-activity;sid:84500134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024115106/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637032/; classtype:trojan-activity;sid:84500132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02092024121943/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637030/; classtype:trojan-activity;sid:84500130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024173040/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637029/; classtype:trojan-activity;sid:84500129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17072024080628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637026/; classtype:trojan-activity;sid:84500126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024144908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637027/; classtype:trojan-activity;sid:84500127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024112531/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637028/; classtype:trojan-activity;sid:84500128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024110733/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637025/; classtype:trojan-activity;sid:84500125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024161738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637024/; classtype:trojan-activity;sid:84500124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25062024074726/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637021/; classtype:trojan-activity;sid:84500121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02102024124124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637022/; classtype:trojan-activity;sid:84500122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024124212/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637023/; classtype:trojan-activity;sid:84500123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024170139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637020/; classtype:trojan-activity;sid:84500120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024090633/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637015/; classtype:trojan-activity;sid:84500115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024111719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637017/; classtype:trojan-activity;sid:84500117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13062024073315/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637019/; classtype:trojan-activity;sid:84500119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26092024073319/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637011/; classtype:trojan-activity;sid:84500111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/03072024075801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637012/; classtype:trojan-activity;sid:84500112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13092024065731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637013/; classtype:trojan-activity;sid:84500113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024155414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637014/; classtype:trojan-activity;sid:84500114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024131718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637007/; classtype:trojan-activity;sid:84500107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163711/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637008/; classtype:trojan-activity;sid:84500108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27062024115812/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637009/; classtype:trojan-activity;sid:84500109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024113310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637010/; classtype:trojan-activity;sid:84500110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024175225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637005/; classtype:trojan-activity;sid:84500105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024112226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637002/; classtype:trojan-activity;sid:84500102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/14062024181140/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637003/; classtype:trojan-activity;sid:84500103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024163914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637004/; classtype:trojan-activity;sid:84500104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12082024111034/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636999/; classtype:trojan-activity;sid:84500099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19062024111300/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637000/; classtype:trojan-activity;sid:84500100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02092024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637001/; classtype:trojan-activity;sid:84500101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024120757/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636997/; classtype:trojan-activity;sid:84500097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/07082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636996/; classtype:trojan-activity;sid:84500096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636993)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/drop/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636993/; classtype:trojan-activity;sid:84500093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024172104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636994/; classtype:trojan-activity;sid:84500094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024072015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636995/; classtype:trojan-activity;sid:84500095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024174028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636992/; classtype:trojan-activity;sid:84500092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10072024072615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636991/; classtype:trojan-activity;sid:84500091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03102024140347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636990/; classtype:trojan-activity;sid:84500090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/29072024094428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636987/; classtype:trojan-activity;sid:84500087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636988/; classtype:trojan-activity;sid:84500088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19072024081323/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636986/; classtype:trojan-activity;sid:84500086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08082024072411/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636985/; classtype:trojan-activity;sid:84500085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024072722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636982/; classtype:trojan-activity;sid:84500082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17062024075813/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636978/; classtype:trojan-activity;sid:84500078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024071101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636979/; classtype:trojan-activity;sid:84500079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18092024104929/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636980/; classtype:trojan-activity;sid:84500080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8051/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636975/; classtype:trojan-activity;sid:84500075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024144032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636976/; classtype:trojan-activity;sid:84500076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26082024121258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636977/; classtype:trojan-activity;sid:84500077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024111920/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636967/; classtype:trojan-activity;sid:84500067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024121015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636968/; classtype:trojan-activity;sid:84500068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024175843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636969/; classtype:trojan-activity;sid:84500069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18062024121810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636970/; classtype:trojan-activity;sid:84500070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024130606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636971/; classtype:trojan-activity;sid:84500071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024115815/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636972/; classtype:trojan-activity;sid:84500072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024164829/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636973/; classtype:trojan-activity;sid:84500073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024071944/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636965/; classtype:trojan-activity;sid:84500065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024103900/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636966/; classtype:trojan-activity;sid:84500066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024130857/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636964/; classtype:trojan-activity;sid:84500064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06092024071949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636963/; classtype:trojan-activity;sid:84500063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024111134/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636957/; classtype:trojan-activity;sid:84500057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024174415/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636958/; classtype:trojan-activity;sid:84500058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02082024073257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636959/; classtype:trojan-activity;sid:84500059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024120537/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636960/; classtype:trojan-activity;sid:84500060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01072024102122/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636961/; classtype:trojan-activity;sid:84500061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024112004/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636962/; classtype:trojan-activity;sid:84500062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09072024071533/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636956/; classtype:trojan-activity;sid:84500056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024070804/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636955/; classtype:trojan-activity;sid:84500055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115442/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636954/; classtype:trojan-activity;sid:84500054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636953/; classtype:trojan-activity;sid:84500053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17072024080732/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636948/; classtype:trojan-activity;sid:84500048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19082024080051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636949/; classtype:trojan-activity;sid:84500049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024111159/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636950/; classtype:trojan-activity;sid:84500050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636951/; classtype:trojan-activity;sid:84500051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/07082024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636947/; classtype:trojan-activity;sid:84500047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024175546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636946/; classtype:trojan-activity;sid:84500046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024103203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636945/; classtype:trojan-activity;sid:84500045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024165207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636942/; classtype:trojan-activity;sid:84500042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024093514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636943/; classtype:trojan-activity;sid:84500043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06092024114755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636944/; classtype:trojan-activity;sid:84500044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024123259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636940/; classtype:trojan-activity;sid:84500040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23092024073238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636941/; classtype:trojan-activity;sid:84500041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636937/; classtype:trojan-activity;sid:84500037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024104316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636936/; classtype:trojan-activity;sid:84500036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115848/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636935/; classtype:trojan-activity;sid:84500035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024071414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636934/; classtype:trojan-activity;sid:84500034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16092024105926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636933/; classtype:trojan-activity;sid:84500033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024174605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636932/; classtype:trojan-activity;sid:84500032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024174233/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636931/; classtype:trojan-activity;sid:84500031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024081312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636927/; classtype:trojan-activity;sid:84500027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02102024072353/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636928/; classtype:trojan-activity;sid:84500028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024174750/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636929/; classtype:trojan-activity;sid:84500029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8325/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636930/; classtype:trojan-activity;sid:84500030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636925/; classtype:trojan-activity;sid:84500025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19062024070824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636926/; classtype:trojan-activity;sid:84500026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/22082024121329/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636920/; classtype:trojan-activity;sid:84500020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024155216/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636921/; classtype:trojan-activity;sid:84500021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24092024120511/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636922/; classtype:trojan-activity;sid:84500022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024180613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636923/; classtype:trojan-activity;sid:84500023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024165922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636919/; classtype:trojan-activity;sid:84500019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024114239/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636918/; classtype:trojan-activity;sid:84500018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024112036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636917/; classtype:trojan-activity;sid:84500017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8318/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636916/; classtype:trojan-activity;sid:84500016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024110606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636913/; classtype:trojan-activity;sid:84500013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024112609/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636914/; classtype:trojan-activity;sid:84500014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02072024115435/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636910/; classtype:trojan-activity;sid:84500010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024122439/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636909/; classtype:trojan-activity;sid:84500009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/14062024123830/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636906/; classtype:trojan-activity;sid:84500006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024180043/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636908/; classtype:trojan-activity;sid:84500008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115112/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636905/; classtype:trojan-activity;sid:84500005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024090731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636904/; classtype:trojan-activity;sid:84500004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23092024113222/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636902/; classtype:trojan-activity;sid:84500002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03072024113724/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636900/; classtype:trojan-activity;sid:84500000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024134516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636899/; classtype:trojan-activity;sid:84499999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8334/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636897/; classtype:trojan-activity;sid:84499997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636894/; classtype:trojan-activity;sid:84499994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024151745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636895/; classtype:trojan-activity;sid:84499995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024124237/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636893/; classtype:trojan-activity;sid:84499993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024170717/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636892/; classtype:trojan-activity;sid:84499992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/08072024075903/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636883/; classtype:trojan-activity;sid:84499983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8325/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636884/; classtype:trojan-activity;sid:84499984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024114520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636885/; classtype:trojan-activity;sid:84499985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024153227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636886/; classtype:trojan-activity;sid:84499986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14082024075957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636887/; classtype:trojan-activity;sid:84499987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26082024070716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636888/; classtype:trojan-activity;sid:84499988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024072959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636890/; classtype:trojan-activity;sid:84499990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/13062024155232/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636882/; classtype:trojan-activity;sid:84499982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024111126/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636881/; classtype:trojan-activity;sid:84499981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04072024125301/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636880/; classtype:trojan-activity;sid:84499980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636876/; classtype:trojan-activity;sid:84499976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04092024091820/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636877/; classtype:trojan-activity;sid:84499977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024125032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636878/; classtype:trojan-activity;sid:84499978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30072024114118/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636872/; classtype:trojan-activity;sid:84499972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024083850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636873/; classtype:trojan-activity;sid:84499973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17062024072104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636874/; classtype:trojan-activity;sid:84499974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024125710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636875/; classtype:trojan-activity;sid:84499975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024103601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636871/; classtype:trojan-activity;sid:84499971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12082024120632/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636869/; classtype:trojan-activity;sid:84499969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636863/; classtype:trojan-activity;sid:84499963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024071932/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636864/; classtype:trojan-activity;sid:84499964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024143228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636865/; classtype:trojan-activity;sid:84499965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27092024124432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636866/; classtype:trojan-activity;sid:84499966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636867/; classtype:trojan-activity;sid:84499967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13062024070655/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636868/; classtype:trojan-activity;sid:84499968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024072833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636862/; classtype:trojan-activity;sid:84499962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25092024120601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636859/; classtype:trojan-activity;sid:84499959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115123/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636860/; classtype:trojan-activity;sid:84499960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05072024071033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636855/; classtype:trojan-activity;sid:84499955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04102024094250/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636856/; classtype:trojan-activity;sid:84499956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01082024101244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636857/; classtype:trojan-activity;sid:84499957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024091538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636850/; classtype:trojan-activity;sid:84499950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05082024114357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636851/; classtype:trojan-activity;sid:84499951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10092024070313/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636852/; classtype:trojan-activity;sid:84499952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23092024123854/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636853/; classtype:trojan-activity;sid:84499953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024112941/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636854/; classtype:trojan-activity;sid:84499954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/08072024113918/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636849/; classtype:trojan-activity;sid:84499949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8326/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636847/; classtype:trojan-activity;sid:84499947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11072024110808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636843/; classtype:trojan-activity;sid:84499943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06072024112721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636845/; classtype:trojan-activity;sid:84499945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8326/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636846/; classtype:trojan-activity;sid:84499946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024151521/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636839/; classtype:trojan-activity;sid:84499939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024120102/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636840/; classtype:trojan-activity;sid:84499940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636842/; classtype:trojan-activity;sid:84499942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08072024070547/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636836/; classtype:trojan-activity;sid:84499936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26092024103307/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636837/; classtype:trojan-activity;sid:84499937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024134639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636835/; classtype:trojan-activity;sid:84499935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636833/; classtype:trojan-activity;sid:84499933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024104834/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636834/; classtype:trojan-activity;sid:84499934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01072024095738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636826/; classtype:trojan-activity;sid:84499926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10072024073020/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636827/; classtype:trojan-activity;sid:84499927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13082024065051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636828/; classtype:trojan-activity;sid:84499928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024074730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636829/; classtype:trojan-activity;sid:84499929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05092024071139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636830/; classtype:trojan-activity;sid:84499930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024143423/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636831/; classtype:trojan-activity;sid:84499931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01072024073548/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636832/; classtype:trojan-activity;sid:84499932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16092024075132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636825/; classtype:trojan-activity;sid:84499925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28062024112249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636824/; classtype:trojan-activity;sid:84499924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18072024080738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636823/; classtype:trojan-activity;sid:84499923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06102024112545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636816/; classtype:trojan-activity;sid:84499916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181057/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636817/; classtype:trojan-activity;sid:84499917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02072024073145/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636818/; classtype:trojan-activity;sid:84499918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21062024070935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636819/; classtype:trojan-activity;sid:84499919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06082024120113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636820/; classtype:trojan-activity;sid:84499920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27062024081736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636821/; classtype:trojan-activity;sid:84499921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29082024071803/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636822/; classtype:trojan-activity;sid:84499922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024113513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636815/; classtype:trojan-activity;sid:84499915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25072024071606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636814/; classtype:trojan-activity;sid:84499914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12062024085922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636812/; classtype:trojan-activity;sid:84499912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024152101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636813/; classtype:trojan-activity;sid:84499913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08072024113231/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636811/; classtype:trojan-activity;sid:84499911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636806/; classtype:trojan-activity;sid:84499906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636807/; classtype:trojan-activity;sid:84499907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/20082024121600/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636809/; classtype:trojan-activity;sid:84499909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26092024115544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636810/; classtype:trojan-activity;sid:84499910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/28082024070417/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636803/; classtype:trojan-activity;sid:84499903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024143113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636804/; classtype:trojan-activity;sid:84499904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13092024071052/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636800/; classtype:trojan-activity;sid:84499900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10062024180136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636801/; classtype:trojan-activity;sid:84499901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175356/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636802/; classtype:trojan-activity;sid:84499902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27082024070328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636799/; classtype:trojan-activity;sid:84499899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8050/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636798/; classtype:trojan-activity;sid:84499898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18062024071837/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636795/; classtype:trojan-activity;sid:84499895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18072024120409/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636796/; classtype:trojan-activity;sid:84499896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30082024111343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636797/; classtype:trojan-activity;sid:84499897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/21082024112544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636794/; classtype:trojan-activity;sid:84499894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19072024111357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636791/; classtype:trojan-activity;sid:84499891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024175200/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636784/; classtype:trojan-activity;sid:84499884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30072024115935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636785/; classtype:trojan-activity;sid:84499885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024114819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636786/; classtype:trojan-activity;sid:84499886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024070959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636788/; classtype:trojan-activity;sid:84499888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05092024120909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636789/; classtype:trojan-activity;sid:84499889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05072024112530/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636790/; classtype:trojan-activity;sid:84499890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024115132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636783/; classtype:trojan-activity;sid:84499883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024114316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636782/; classtype:trojan-activity;sid:84499882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024113136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636781/; classtype:trojan-activity;sid:84499881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04072024170824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636779/; classtype:trojan-activity;sid:84499879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024135746/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636780/; classtype:trojan-activity;sid:84499880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115515/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636777/; classtype:trojan-activity;sid:84499877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024115926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636778/; classtype:trojan-activity;sid:84499878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024082013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636775/; classtype:trojan-activity;sid:84499875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10072024110114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636776/; classtype:trojan-activity;sid:84499876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024071919/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636773/; classtype:trojan-activity;sid:84499873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19082024070444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636771/; classtype:trojan-activity;sid:84499871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024104419/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636772/; classtype:trojan-activity;sid:84499872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024070754/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636770/; classtype:trojan-activity;sid:84499870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024074514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636769/; classtype:trojan-activity;sid:84499869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23072024073428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636768/; classtype:trojan-activity;sid:84499868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024110029/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636767/; classtype:trojan-activity;sid:84499867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30072024075615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636766/; classtype:trojan-activity;sid:84499866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024173603/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636764/; classtype:trojan-activity;sid:84499864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27092024072930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636763/; classtype:trojan-activity;sid:84499863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14092024070825/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636761/; classtype:trojan-activity;sid:84499861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024105405/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636762/; classtype:trojan-activity;sid:84499862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/31072024120304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636760/; classtype:trojan-activity;sid:84499860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024171045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636759/; classtype:trojan-activity;sid:84499859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024083204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636757/; classtype:trojan-activity;sid:84499857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024175202/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636758/; classtype:trojan-activity;sid:84499858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/6011/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636756/; classtype:trojan-activity;sid:84499856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09082024071028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636754/; classtype:trojan-activity;sid:84499854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636753)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/bkp/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636753/; classtype:trojan-activity;sid:84499853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11062024074638/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636752/; classtype:trojan-activity;sid:84499852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8318/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636751/; classtype:trojan-activity;sid:84499851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024071328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636750/; classtype:trojan-activity;sid:84499850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17082024111540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636749/; classtype:trojan-activity;sid:84499849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25072024111710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636748/; classtype:trojan-activity;sid:84499848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636746/; classtype:trojan-activity;sid:84499846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024072316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636745/; classtype:trojan-activity;sid:84499845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024152842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636744/; classtype:trojan-activity;sid:84499844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/03092024065611/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636743/; classtype:trojan-activity;sid:84499843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/20082024074454/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636742/; classtype:trojan-activity;sid:84499842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14062024182506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636741/; classtype:trojan-activity;sid:84499841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/28062024162227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636740/; classtype:trojan-activity;sid:84499840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25082024112344/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636739/; classtype:trojan-activity;sid:84499839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05102024112225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636736/; classtype:trojan-activity;sid:84499836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22072024112228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636737/; classtype:trojan-activity;sid:84499837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024123948/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636735/; classtype:trojan-activity;sid:84499835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636733/; classtype:trojan-activity;sid:84499833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21082024065715/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636734/; classtype:trojan-activity;sid:84499834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163507/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636728/; classtype:trojan-activity;sid:84499828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024111850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636729/; classtype:trojan-activity;sid:84499829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636730/; classtype:trojan-activity;sid:84499830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636731)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/pickup/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636731/; classtype:trojan-activity;sid:84499831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09072024072801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636732/; classtype:trojan-activity;sid:84499832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30082024070843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636727/; classtype:trojan-activity;sid:84499827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15072024111306/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636723/; classtype:trojan-activity;sid:84499823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24072024072622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636724/; classtype:trojan-activity;sid:84499824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23082024120742/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636726/; classtype:trojan-activity;sid:84499826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024121001/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636721/; classtype:trojan-activity;sid:84499821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024162753/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636722/; classtype:trojan-activity;sid:84499822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024130538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636719/; classtype:trojan-activity;sid:84499819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01102024075913/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636720/; classtype:trojan-activity;sid:84499820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31072024110649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636717/; classtype:trojan-activity;sid:84499817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24092024074236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636718/; classtype:trojan-activity;sid:84499818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26092024073810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636715/; classtype:trojan-activity;sid:84499815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024073721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636716/; classtype:trojan-activity;sid:84499816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03102024114713/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636714/; classtype:trojan-activity;sid:84499814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27062024134606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636708/; classtype:trojan-activity;sid:84499808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25092024074358/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636709/; classtype:trojan-activity;sid:84499809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636710/; classtype:trojan-activity;sid:84499810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12092024065636/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636711/; classtype:trojan-activity;sid:84499811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024113359/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636712/; classtype:trojan-activity;sid:84499812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14082024102908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636713/; classtype:trojan-activity;sid:84499813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27062024074304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636705/; classtype:trojan-activity;sid:84499805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20092024114457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636706/; classtype:trojan-activity;sid:84499806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636707)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/idi/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636707/; classtype:trojan-activity;sid:84499807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05072024105131/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636703/; classtype:trojan-activity;sid:84499803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024123414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636704/; classtype:trojan-activity;sid:84499804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12062024122748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636698/; classtype:trojan-activity;sid:84499798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636699/; classtype:trojan-activity;sid:84499799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024180206/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636693/; classtype:trojan-activity;sid:84499793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024172514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636694/; classtype:trojan-activity;sid:84499794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024070343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636695/; classtype:trojan-activity;sid:84499795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024125844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636696/; classtype:trojan-activity;sid:84499796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/01082024070127/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636697/; classtype:trojan-activity;sid:84499797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30092024073115/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636685/; classtype:trojan-activity;sid:84499785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04102024114428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636686/; classtype:trojan-activity;sid:84499786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024162506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636687/; classtype:trojan-activity;sid:84499787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024112121/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636688/; classtype:trojan-activity;sid:84499788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13062024123930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636689/; classtype:trojan-activity;sid:84499789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024114833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636690/; classtype:trojan-activity;sid:84499790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22072024071046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636691/; classtype:trojan-activity;sid:84499791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636692/; classtype:trojan-activity;sid:84499792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12072024073215/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636683/; classtype:trojan-activity;sid:84499783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636684/; classtype:trojan-activity;sid:84499784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09092024080429/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636681/; classtype:trojan-activity;sid:84499781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8342/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636682/; classtype:trojan-activity;sid:84499782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16092024071437/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636678/; classtype:trojan-activity;sid:84499778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11092024070152/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636679/; classtype:trojan-activity;sid:84499779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19072024082257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636676/; classtype:trojan-activity;sid:84499776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024173539/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636666/; classtype:trojan-activity;sid:84499766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024074014/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636667/; classtype:trojan-activity;sid:84499767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636668)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/queue/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636668/; classtype:trojan-activity;sid:84499768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636669/; classtype:trojan-activity;sid:84499769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23072024112852/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636670/; classtype:trojan-activity;sid:84499770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024094613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636671/; classtype:trojan-activity;sid:84499771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19082024113816/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636672/; classtype:trojan-activity;sid:84499772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02082024121949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636674/; classtype:trojan-activity;sid:84499774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024185923/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636675/; classtype:trojan-activity;sid:84499775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130440/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636662/; classtype:trojan-activity;sid:84499762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/05072024082450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636663/; classtype:trojan-activity;sid:84499763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024181236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636664/; classtype:trojan-activity;sid:84499764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024150907/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636665/; classtype:trojan-activity;sid:84499765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22082024114017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636656/; classtype:trojan-activity;sid:84499756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14082024065337/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636657/; classtype:trojan-activity;sid:84499757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8059/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636658/; classtype:trojan-activity;sid:84499758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024154958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636659/; classtype:trojan-activity;sid:84499759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024075130/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636660/; classtype:trojan-activity;sid:84499760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024070807/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636654/; classtype:trojan-activity;sid:84499754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.230.40.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636604/; classtype:trojan-activity;sid:84499704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.98.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636585/; classtype:trojan-activity;sid:84499685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636496/; classtype:trojan-activity;sid:84499596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636474/; classtype:trojan-activity;sid:84499574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.26.210.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636408/; classtype:trojan-activity;sid:84499508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.26.210.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636356/; classtype:trojan-activity;sid:84499456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636195)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/m2-100125/main/ud.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636195/; classtype:trojan-activity;sid:84499295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636191)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-pd/main/ud.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636191/; classtype:trojan-activity;sid:84499291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636185)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-m1/main/ud.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636185/; classtype:trojan-activity;sid:84499285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636186)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/94fae7_2c7a859032924ae0aa0e819669ae9f3f.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"94fae730-597f-4442-813c-86263972a8f0.usrfiles.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636186/; classtype:trojan-activity;sid:84499286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636161)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/main/pd-92725.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636161/; classtype:trojan-activity;sid:84499261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636159)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/raw/main/pd-92725.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636159/; classtype:trojan-activity;sid:84499259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636155)"; flow:established,from_client; content:"GET"; http_method; content:"/mh1-m1/pd/main/mh1-pd-92725.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636155/; classtype:trojan-activity;sid:84499255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636156)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/main/u-p.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636156/; classtype:trojan-activity;sid:84499256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636151)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-mrw/f096dbcbef9efb4ac45d4b7171898fbc1a4d5d38/ud.png"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636151/; classtype:trojan-activity;sid:84499251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636152)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/u-mrw-1/feeddc44327a3d7f5328ebad35ebe132d0e18f92/ud.png"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636152/; classtype:trojan-activity;sid:84499252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636153)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/a4916b0dfc5588abf04daa866fddc42054a11368/ud.png"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636153/; classtype:trojan-activity;sid:84499253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636147)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/66bcf33bad15036f44df9c2ca7808a5de38435a5/u-p.png"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636147/; classtype:trojan-activity;sid:84499247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636141)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/1/296b891ef5d15bc30620bcccb0660d36d3d0a0f9/ud.png"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636141/; classtype:trojan-activity;sid:84499241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635944/; classtype:trojan-activity;sid:84499044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635869)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fpesky%20(5).txt|3f|alt=media|7c|26|7c|token=7e30d39e-c339-4bf9-82f6-84ca73f9407b"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635869/; classtype:trojan-activity;sid:84498969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635868)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fdllsky%20(1).txt|3f|alt=media|7c|26|7c|token=534a43d1-25fa-4b07-9351-33997cb48df4"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635868/; classtype:trojan-activity;sid:84498968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.197.122.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635840/; classtype:trojan-activity;sid:84498940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635764)"; flow:established,from_client; content:"GET"; http_method; content:"/h5zdznmktsuin1f.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635764/; classtype:trojan-activity;sid:84498864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635763)"; flow:established,from_client; content:"GET"; http_method; content:"/3nxw7k1naozhquf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635763/; classtype:trojan-activity;sid:84498863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635467)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635467/; classtype:trojan-activity;sid:84498567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635397)"; flow:established,from_client; content:"GET"; http_method; content:"/newdef/random.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635397/; classtype:trojan-activity;sid:84498497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635162)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsshell"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635162/; classtype:trojan-activity;sid:84498262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635163)"; flow:established,from_client; content:"GET"; http_method; content:"/mpslshell"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635163/; classtype:trojan-activity;sid:84498263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635161)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635161/; classtype:trojan-activity;sid:84498261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.126.240.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634846/; classtype:trojan-activity;sid:84497946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634693)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.235.116.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634693/; classtype:trojan-activity;sid:84497793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634292)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/raw/refs/heads/main/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634292/; classtype:trojan-activity;sid:84497392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634172)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634172/; classtype:trojan-activity;sid:84497272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634101)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.228.81.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634101/; classtype:trojan-activity;sid:84497201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634099)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634099/; classtype:trojan-activity;sid:84497199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634067)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.164.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634067/; classtype:trojan-activity;sid:84497167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.55.196.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3634053/; classtype:trojan-activity;sid:84497153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633720)"; flow:established,from_client; content:"GET"; http_method; content:"/pryut9ggg7vybdlt_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633720/; classtype:trojan-activity;sid:84496820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633718)"; flow:established,from_client; content:"GET"; http_method; content:"/client_encoded.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633718/; classtype:trojan-activity;sid:84496818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633712)"; flow:established,from_client; content:"GET"; http_method; content:"/001/items.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"110.40.199.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_28; reference:url, urlhaus.abuse.ch/url/3633712/; classtype:trojan-activity;sid:84496812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.112.126.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633174/; classtype:trojan-activity;sid:84496274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633158)"; flow:established,from_client; content:"GET"; http_method; content:"/powercat.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"117.72.214.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633158/; classtype:trojan-activity;sid:84496258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633151)"; flow:established,from_client; content:"GET"; http_method; content:"/tuzo690lxztymz8w_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633151/; classtype:trojan-activity;sid:84496251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633150)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633150/; classtype:trojan-activity;sid:84496250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633149)"; flow:established,from_client; content:"GET"; http_method; content:"/2_encoded.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633149/; classtype:trojan-activity;sid:84496249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633148)"; flow:established,from_client; content:"GET"; http_method; content:"/system.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633148/; classtype:trojan-activity;sid:84496248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633144)"; flow:established,from_client; content:"GET"; http_method; content:"/irs_audit_requirements.bat"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633144/; classtype:trojan-activity;sid:84496244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633145)"; flow:established,from_client; content:"GET"; http_method; content:"/system.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633145/; classtype:trojan-activity;sid:84496245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633146)"; flow:established,from_client; content:"GET"; http_method; content:"/opymoqhl2s5q9dru_encoded.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633146/; classtype:trojan-activity;sid:84496246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633147)"; flow:established,from_client; content:"GET"; http_method; content:"/cyanidation.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.11.64.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633147/; classtype:trojan-activity;sid:84496247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633030)"; flow:established,from_client; content:"GET"; http_method; content:"/config.json"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633030/; classtype:trojan-activity;sid:84496130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632934)"; flow:established,from_client; content:"GET"; http_method; content:"/evonpredictor/evon-excuter/releases/download/v1.0.1/evonexcuter.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632934/; classtype:trojan-activity;sid:84496034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632926)"; flow:established,from_client; content:"GET"; http_method; content:"/lusstepx/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632926/; classtype:trojan-activity;sid:84496026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632903)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bocavenue.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"versaclean.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632903/; classtype:trojan-activity;sid:84496003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632883)"; flow:established,from_client; content:"GET"; http_method; content:"/minki166/vente-spoofer-and-cheats-base/raw/refs/heads/main/anubing/vente-spoofer-and-cheats-base.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632883/; classtype:trojan-activity;sid:84495983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632821/; classtype:trojan-activity;sid:84495921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632802/; classtype:trojan-activity;sid:84495902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632299)"; flow:established,from_client; content:"GET"; http_method; content:"/ske1et2/telegrams-best-scrapper/raw/refs/heads/main/slouchy/telegrams-best-scrapper.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, urlhaus.abuse.ch/url/3632299/; classtype:trojan-activity;sid:84495399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.81.223.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631959/; classtype:trojan-activity;sid:84495059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631856)"; flow:established,from_client; content:"GET"; http_method; content:"/d88nzn5yhehmocs.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631856/; classtype:trojan-activity;sid:84494956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631855)"; flow:established,from_client; content:"GET"; http_method; content:"/xpqeeqububaya8g.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631855/; classtype:trojan-activity;sid:84494955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631854)"; flow:established,from_client; content:"GET"; http_method; content:"/cakq8mkaahzyegl.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631854/; classtype:trojan-activity;sid:84494954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631849)"; flow:established,from_client; content:"GET"; http_method; content:"/ieykxpnuh9r9m17.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631849/; classtype:trojan-activity;sid:84494949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631825)"; flow:established,from_client; content:"GET"; http_method; content:"/renewable.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"86.54.24.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631825/; classtype:trojan-activity;sid:84494925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631737)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"93.152.230.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631737/; classtype:trojan-activity;sid:84494837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631646)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/n0t5lax.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631646/; classtype:trojan-activity;sid:84494746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631593)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/installer.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631593/; classtype:trojan-activity;sid:84494693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631583)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/tlp.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631583/; classtype:trojan-activity;sid:84494683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631573)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol11.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631573/; classtype:trojan-activity;sid:84494673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631574)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1488.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631574/; classtype:trojan-activity;sid:84494674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631575)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1210.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631575/; classtype:trojan-activity;sid:84494675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631555)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631555/; classtype:trojan-activity;sid:84494655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631554)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/bsg.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631554/; classtype:trojan-activity;sid:84494654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631545)"; flow:established,from_client; content:"GET"; http_method; content:"/down/run.bat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.94.31.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631545/; classtype:trojan-activity;sid:84494645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.48.13.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631250/; classtype:trojan-activity;sid:84494350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.95.148.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631233/; classtype:trojan-activity;sid:84494333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630972)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3630972/; classtype:trojan-activity;sid:84494072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630546)"; flow:established,from_client; content:"GET"; http_method; content:"/shaerrlys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630546/; classtype:trojan-activity;sid:84493646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630505)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"170.106.110.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630505/; classtype:trojan-activity;sid:84493605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630503)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"122.51.46.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630503/; classtype:trojan-activity;sid:84493603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.6.141.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630487/; classtype:trojan-activity;sid:84493587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.134.212.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630498/; classtype:trojan-activity;sid:84493598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630427)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630427/; classtype:trojan-activity;sid:84493527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630421)"; flow:established,from_client; content:"GET"; http_method; content:"/vidar/random.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630421/; classtype:trojan-activity;sid:84493521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630420)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fate/random.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.154.35.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630420/; classtype:trojan-activity;sid:84493520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.200.87.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630393/; classtype:trojan-activity;sid:84493493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630368)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630368/; classtype:trojan-activity;sid:84493468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630366)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.204.214.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630366/; classtype:trojan-activity;sid:84493466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630311)"; flow:established,from_client; content:"GET"; http_method; content:"/gamebeta.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"119.29.162.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630311/; classtype:trojan-activity;sid:84493411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630309)"; flow:established,from_client; content:"GET"; http_method; content:"/dbghelp.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"119.29.162.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630309/; classtype:trojan-activity;sid:84493409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630307)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e5%bb%ba%e6%96%87%e4%bb%b6%e5%a4%b9/buding501/dbghelp.dll"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"103.40.13.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630307/; classtype:trojan-activity;sid:84493407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630263)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/139assicc.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.205.253.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630263/; classtype:trojan-activity;sid:84493363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630235)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630235/; classtype:trojan-activity;sid:84493335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630236)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630236/; classtype:trojan-activity;sid:84493336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630232)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630232/; classtype:trojan-activity;sid:84493332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630233)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630233/; classtype:trojan-activity;sid:84493333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630234)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630234/; classtype:trojan-activity;sid:84493334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630230)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630230/; classtype:trojan-activity;sid:84493330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630231)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630231/; classtype:trojan-activity;sid:84493331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630229)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630229/; classtype:trojan-activity;sid:84493329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630227)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630227/; classtype:trojan-activity;sid:84493327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630228)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630228/; classtype:trojan-activity;sid:84493328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630223)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630223/; classtype:trojan-activity;sid:84493323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630224)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630224/; classtype:trojan-activity;sid:84493324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630225)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630225/; classtype:trojan-activity;sid:84493325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630226)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630226/; classtype:trojan-activity;sid:84493326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630222)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"uraniumc2.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630222/; classtype:trojan-activity;sid:84493322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629863)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629863/; classtype:trojan-activity;sid:84492963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629864)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629864/; classtype:trojan-activity;sid:84492964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629842)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629842/; classtype:trojan-activity;sid:84492942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629843)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629843/; classtype:trojan-activity;sid:84492943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629844)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629844/; classtype:trojan-activity;sid:84492944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629845)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629845/; classtype:trojan-activity;sid:84492945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629846)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629846/; classtype:trojan-activity;sid:84492946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629847)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629847/; classtype:trojan-activity;sid:84492947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629848)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629848/; classtype:trojan-activity;sid:84492948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629849)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629849/; classtype:trojan-activity;sid:84492949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629850)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629850/; classtype:trojan-activity;sid:84492950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629851)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629851/; classtype:trojan-activity;sid:84492951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629852)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629852/; classtype:trojan-activity;sid:84492952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629853)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629853/; classtype:trojan-activity;sid:84492953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629854)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629854/; classtype:trojan-activity;sid:84492954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629855)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629855/; classtype:trojan-activity;sid:84492955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629856)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629856/; classtype:trojan-activity;sid:84492956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629857)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629857/; classtype:trojan-activity;sid:84492957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629858)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629858/; classtype:trojan-activity;sid:84492958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629859)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629859/; classtype:trojan-activity;sid:84492959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629860)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629860/; classtype:trojan-activity;sid:84492960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629861)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629861/; classtype:trojan-activity;sid:84492961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629862)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629862/; classtype:trojan-activity;sid:84492962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629837)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629837/; classtype:trojan-activity;sid:84492937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629838)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629838/; classtype:trojan-activity;sid:84492938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629839)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629839/; classtype:trojan-activity;sid:84492939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629840)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629840/; classtype:trojan-activity;sid:84492940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629841)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629841/; classtype:trojan-activity;sid:84492941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629833)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629833/; classtype:trojan-activity;sid:84492933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629834)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629834/; classtype:trojan-activity;sid:84492934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629835)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629835/; classtype:trojan-activity;sid:84492935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629836)"; flow:established,from_client; content:"GET"; http_method; content:"/gp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629836/; classtype:trojan-activity;sid:84492936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629832)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629832/; classtype:trojan-activity;sid:84492932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629831)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629831/; classtype:trojan-activity;sid:84492931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629829)"; flow:established,from_client; content:"GET"; http_method; content:"/rtz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629829/; classtype:trojan-activity;sid:84492929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3629830/; classtype:trojan-activity;sid:84492930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629170)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629170/; classtype:trojan-activity;sid:84492270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629169/; classtype:trojan-activity;sid:84492269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629163/; classtype:trojan-activity;sid:84492263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629164/; classtype:trojan-activity;sid:84492264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629165)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629165/; classtype:trojan-activity;sid:84492265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629166)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629166/; classtype:trojan-activity;sid:84492266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629167/; classtype:trojan-activity;sid:84492267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629168/; classtype:trojan-activity;sid:84492268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629156/; classtype:trojan-activity;sid:84492256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629157/; classtype:trojan-activity;sid:84492257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629159/; classtype:trojan-activity;sid:84492259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629160/; classtype:trojan-activity;sid:84492260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3629161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_22; reference:url, urlhaus.abuse.ch/url/3629161/; classtype:trojan-activity;sid:84492261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628626)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/test.jpg|3f|12711313"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628626/; classtype:trojan-activity;sid:84491726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628622)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/wjxpugv.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628622/; classtype:trojan-activity;sid:84491722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628619)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.48.50.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628619/; classtype:trojan-activity;sid:84491719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627935/; classtype:trojan-activity;sid:84491035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.124.94.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627937/; classtype:trojan-activity;sid:84491037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.121.198.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627934/; classtype:trojan-activity;sid:84491034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627848)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627848/; classtype:trojan-activity;sid:84490948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627849)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627849/; classtype:trojan-activity;sid:84490949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627850)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627850/; classtype:trojan-activity;sid:84490950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627851)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627851/; classtype:trojan-activity;sid:84490951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627852)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627852/; classtype:trojan-activity;sid:84490952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627854)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627854/; classtype:trojan-activity;sid:84490954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627855)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627855/; classtype:trojan-activity;sid:84490955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627856)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627856/; classtype:trojan-activity;sid:84490956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627844/; classtype:trojan-activity;sid:84490944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627845)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627845/; classtype:trojan-activity;sid:84490945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627846)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627846/; classtype:trojan-activity;sid:84490946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627847)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627847/; classtype:trojan-activity;sid:84490947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627674)"; flow:established,from_client; content:"GET"; http_method; content:"/krsu1apiygkyet9.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627674/; classtype:trojan-activity;sid:84490774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627678)"; flow:established,from_client; content:"GET"; http_method; content:"/nlxhm2qlwg0rmot.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627678/; classtype:trojan-activity;sid:84490778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.200.87.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627322/; classtype:trojan-activity;sid:84490422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627217)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.145.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627217/; classtype:trojan-activity;sid:84490317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627210)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627210/; classtype:trojan-activity;sid:84490310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.86.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627206/; classtype:trojan-activity;sid:84490306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627133)"; flow:established,from_client; content:"GET"; http_method; content:"/privatecardserver/privateserver.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"202.189.4.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627133/; classtype:trojan-activity;sid:84490233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627132)"; flow:established,from_client; content:"GET"; http_method; content:"/commongatewayserverultimate(3).exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"202.189.4.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627132/; classtype:trojan-activity;sid:84490232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627131)"; flow:established,from_client; content:"GET"; http_method; content:"/cgs_updater.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"202.189.4.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627131/; classtype:trojan-activity;sid:84490231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626883)"; flow:established,from_client; content:"GET"; http_method; content:"/jammx4im1btscsq.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3626883/; classtype:trojan-activity;sid:84489983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626690)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sostexampp.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626690/; classtype:trojan-activity;sid:84489790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626692)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sostexampp.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626692/; classtype:trojan-activity;sid:84489792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626324)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.146.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626324/; classtype:trojan-activity;sid:84489424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626314)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.13.137.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626314/; classtype:trojan-activity;sid:84489414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.247.56.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626295/; classtype:trojan-activity;sid:84489395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626300/; classtype:trojan-activity;sid:84489400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.70.152.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626301/; classtype:trojan-activity;sid:84489401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626275)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.62.255.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626275/; classtype:trojan-activity;sid:84489375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626246)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.121.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626246/; classtype:trojan-activity;sid:84489346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626039)"; flow:established,from_client; content:"GET"; http_method; content:"/vq7qnspptll2njm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626039/; classtype:trojan-activity;sid:84489139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625731)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.118.28.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625731/; classtype:trojan-activity;sid:84488831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.154.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625674/; classtype:trojan-activity;sid:84488774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625633/; classtype:trojan-activity;sid:84488733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625570/; classtype:trojan-activity;sid:84488670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3625503)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.86.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_17; reference:url, urlhaus.abuse.ch/url/3625503/; classtype:trojan-activity;sid:84488603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624994)"; flow:established,from_client; content:"GET"; http_method; content:"/gbim8juazfgeaph.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624994/; classtype:trojan-activity;sid:84488094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624967)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624967/; classtype:trojan-activity;sid:84488067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624923)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624923/; classtype:trojan-activity;sid:84488023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624926)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624926/; classtype:trojan-activity;sid:84488026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624927)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624927/; classtype:trojan-activity;sid:84488027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624928)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624928/; classtype:trojan-activity;sid:84488028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624929)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624929/; classtype:trojan-activity;sid:84488029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624930)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624930/; classtype:trojan-activity;sid:84488030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624934)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624934/; classtype:trojan-activity;sid:84488034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624935)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624935/; classtype:trojan-activity;sid:84488035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_16; reference:url, urlhaus.abuse.ch/url/3624846/; classtype:trojan-activity;sid:84487946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624720)"; flow:established,from_client; content:"GET"; http_method; content:"/z/89/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.94.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624720/; classtype:trojan-activity;sid:84487820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624438)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vegnxqxevr.mp4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"changemyseat.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624438/; classtype:trojan-activity;sid:84487538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624291)"; flow:established,from_client; content:"GET"; http_method; content:"/uppc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624291/; classtype:trojan-activity;sid:84487391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3624280)"; flow:established,from_client; content:"GET"; http_method; content:"/ui686"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_15; reference:url, urlhaus.abuse.ch/url/3624280/; classtype:trojan-activity;sid:84487380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623786)"; flow:established,from_client; content:"GET"; http_method; content:"/mise.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"210.16.163.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623786/; classtype:trojan-activity;sid:84486886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623775)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.41.167.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623775/; classtype:trojan-activity;sid:84486875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623760)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"69.165.68.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623760/; classtype:trojan-activity;sid:84486860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.63.68.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623738/; classtype:trojan-activity;sid:84486838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623701)"; flow:established,from_client; content:"GET"; http_method; content:"/fc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623701/; classtype:trojan-activity;sid:84486801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623700)"; flow:established,from_client; content:"GET"; http_method; content:"/poc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623700/; classtype:trojan-activity;sid:84486800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623698)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623698/; classtype:trojan-activity;sid:84486798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623697)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623697/; classtype:trojan-activity;sid:84486797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623695)"; flow:established,from_client; content:"GET"; http_method; content:"/ftpget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623695/; classtype:trojan-activity;sid:84486795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623686)"; flow:established,from_client; content:"GET"; http_method; content:"/lmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623686/; classtype:trojan-activity;sid:84486786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623687)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623687/; classtype:trojan-activity;sid:84486787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623688)"; flow:established,from_client; content:"GET"; http_method; content:"/umpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623688/; classtype:trojan-activity;sid:84486788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623689)"; flow:established,from_client; content:"GET"; http_method; content:"/lmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623689/; classtype:trojan-activity;sid:84486789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623690)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623690/; classtype:trojan-activity;sid:84486790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623691)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623691/; classtype:trojan-activity;sid:84486791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623692)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623692/; classtype:trojan-activity;sid:84486792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623693)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623693/; classtype:trojan-activity;sid:84486793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623694)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623694/; classtype:trojan-activity;sid:84486794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623683)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623683/; classtype:trojan-activity;sid:84486783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623684)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623684/; classtype:trojan-activity;sid:84486784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623679)"; flow:established,from_client; content:"GET"; http_method; content:"/umips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623679/; classtype:trojan-activity;sid:84486779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623680)"; flow:established,from_client; content:"GET"; http_method; content:"/nmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623680/; classtype:trojan-activity;sid:84486780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623681)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623681/; classtype:trojan-activity;sid:84486781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623682)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623682/; classtype:trojan-activity;sid:84486782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623624)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623624/; classtype:trojan-activity;sid:84486724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623625)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623625/; classtype:trojan-activity;sid:84486725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623411)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/nodustrunm.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623411/; classtype:trojan-activity;sid:84486511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623405)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/snowhiteout.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623405/; classtype:trojan-activity;sid:84486505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623406)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/wisemenchat.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623406/; classtype:trojan-activity;sid:84486506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623407)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/jingle.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623407/; classtype:trojan-activity;sid:84486507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623408/; classtype:trojan-activity;sid:84486508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623409)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/ajewarrior.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623409/; classtype:trojan-activity;sid:84486509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623410)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/yaegerrob4325.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623410/; classtype:trojan-activity;sid:84486510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623401)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/sadfewego.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623401/; classtype:trojan-activity;sid:84486501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623400)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/2poasdoc.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623400/; classtype:trojan-activity;sid:84486500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623397)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/whitepower.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623397/; classtype:trojan-activity;sid:84486497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623398)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/intruder3000.msi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623398/; classtype:trojan-activity;sid:84486498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623399)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/future.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623399/; classtype:trojan-activity;sid:84486499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623395)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/bunkerjoe.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623395/; classtype:trojan-activity;sid:84486495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623396)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/tron67.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623396/; classtype:trojan-activity;sid:84486496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623390)"; flow:established,from_client; content:"GET"; http_method; content:"/123.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"210.16.163.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623390/; classtype:trojan-activity;sid:84486490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623392)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/powergod.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623392/; classtype:trojan-activity;sid:84486492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623387)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/nightking.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623387/; classtype:trojan-activity;sid:84486487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623388)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/cartman.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623388/; classtype:trojan-activity;sid:84486488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623386)"; flow:established,from_client; content:"GET"; http_method; content:"/atera/hardly.msi"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"securedocusharex.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623386/; classtype:trojan-activity;sid:84486486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623131)"; flow:established,from_client; content:"GET"; http_method; content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"118.25.68.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623131/; classtype:trojan-activity;sid:84486231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623126)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/refs/heads/main/launcher.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623126/; classtype:trojan-activity;sid:84486226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623123)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623123/; classtype:trojan-activity;sid:84486223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623122)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/refs/heads/main/software.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623122/; classtype:trojan-activity;sid:84486222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623121)"; flow:established,from_client; content:"GET"; http_method; content:"/ilpigna03/site/refs/heads/main/launcher.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623121/; classtype:trojan-activity;sid:84486221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623120)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623120/; classtype:trojan-activity;sid:84486220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623011)"; flow:established,from_client; content:"GET"; http_method; content:"/9.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623011/; classtype:trojan-activity;sid:84486111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622798)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.178.47.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622798/; classtype:trojan-activity;sid:84485898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622759)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622759/; classtype:trojan-activity;sid:84485859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622643)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343p"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622643/; classtype:trojan-activity;sid:84485743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622639)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622639/; classtype:trojan-activity;sid:84485739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622638)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622638/; classtype:trojan-activity;sid:84485738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622625)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622625/; classtype:trojan-activity;sid:84485725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622623)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622623/; classtype:trojan-activity;sid:84485723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622624)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622624/; classtype:trojan-activity;sid:84485724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622541)"; flow:established,from_client; content:"GET"; http_method; content:"/125.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622541/; classtype:trojan-activity;sid:84485641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622545)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622545/; classtype:trojan-activity;sid:84485645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622547)"; flow:established,from_client; content:"GET"; http_method; content:"/er/45.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622547/; classtype:trojan-activity;sid:84485647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622548)"; flow:established,from_client; content:"GET"; http_method; content:"/er/326.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622548/; classtype:trojan-activity;sid:84485648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622549)"; flow:established,from_client; content:"GET"; http_method; content:"/er/46.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622549/; classtype:trojan-activity;sid:84485649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622539)"; flow:established,from_client; content:"GET"; http_method; content:"/er/1212.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622539/; classtype:trojan-activity;sid:84485639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622423)"; flow:established,from_client; content:"GET"; http_method; content:"/megago.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622423/; classtype:trojan-activity;sid:84485523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622268)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622268/; classtype:trojan-activity;sid:84485368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622172/; classtype:trojan-activity;sid:84485272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621757)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xisuc6psmmj5jzq7jgoffba7avfhzga_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621757/; classtype:trojan-activity;sid:84484857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621753)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1okqdyr_kghanl7h_i1mwmlmzfesw_gx0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621753/; classtype:trojan-activity;sid:84484853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621461)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.40.18.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621461/; classtype:trojan-activity;sid:84484561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.249.142.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621292/; classtype:trojan-activity;sid:84484392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.249.142.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621283/; classtype:trojan-activity;sid:84484383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621087)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/numaneo.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621087/; classtype:trojan-activity;sid:84484187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621086)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/test.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.60.226.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621086/; classtype:trojan-activity;sid:84484186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.70.122.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620984/; classtype:trojan-activity;sid:84484084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.70.122.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3620979/; classtype:trojan-activity;sid:84484079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620835)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.133.102.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620835/; classtype:trojan-activity;sid:84483935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620552)"; flow:established,from_client; content:"GET"; http_method; content:"/n8388.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_09; reference:url, urlhaus.abuse.ch/url/3620552/; classtype:trojan-activity;sid:84483652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620261)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"p1611192-mobac01.tokyo.ocn.ne.jp"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620261/; classtype:trojan-activity;sid:84483361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620145)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.235.177.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620145/; classtype:trojan-activity;sid:84483245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620132/; classtype:trojan-activity;sid:84483232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.116.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620124/; classtype:trojan-activity;sid:84483224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.16.177.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620129/; classtype:trojan-activity;sid:84483229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619992)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619992/; classtype:trojan-activity;sid:84483092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619988)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rem0925.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619988/; classtype:trojan-activity;sid:84483088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619986/; classtype:trojan-activity;sid:84483086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619984)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619984/; classtype:trojan-activity;sid:84483084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619985)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619985/; classtype:trojan-activity;sid:84483085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618252)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.urbotnetisass"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618252/; classtype:trojan-activity;sid:84481352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618253)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4.urbotnetisass"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618253/; classtype:trojan-activity;sid:84481353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618254)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618254/; classtype:trojan-activity;sid:84481354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618255)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.urbotnetisass"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618255/; classtype:trojan-activity;sid:84481355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618257)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618257/; classtype:trojan-activity;sid:84481357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618219)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618219/; classtype:trojan-activity;sid:84481319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618220)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618220/; classtype:trojan-activity;sid:84481320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618221)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.urbotnetisass"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618221/; classtype:trojan-activity;sid:84481321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3618222)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.urbotnetisass"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_06; reference:url, urlhaus.abuse.ch/url/3618222/; classtype:trojan-activity;sid:84481322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617921)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.199.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617921/; classtype:trojan-activity;sid:84481021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617904/; classtype:trojan-activity;sid:84481004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617625)"; flow:established,from_client; content:"GET"; http_method; content:"/ccce41b9-e358-4972-b52d-dd1cdbe5f636.msi"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"193.24.123.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617625/; classtype:trojan-activity;sid:84480725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617624)"; flow:established,from_client; content:"GET"; http_method; content:"/installer.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617624/; classtype:trojan-activity;sid:84480724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617613)"; flow:established,from_client; content:"GET"; http_method; content:"/terms.pdf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.125.50.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617613/; classtype:trojan-activity;sid:84480713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617615)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/terms.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"85.192.48.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617615/; classtype:trojan-activity;sid:84480715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617560)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_05; reference:url, urlhaus.abuse.ch/url/3617560/; classtype:trojan-activity;sid:84480660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617437)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"110.40.176.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617437/; classtype:trojan-activity;sid:84480537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617442)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.141.15.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617442/; classtype:trojan-activity;sid:84480542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.169.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617444/; classtype:trojan-activity;sid:84480544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.112.49.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617433/; classtype:trojan-activity;sid:84480533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.100.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617428/; classtype:trojan-activity;sid:84480528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617403)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.200.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617403/; classtype:trojan-activity;sid:84480503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617223/; classtype:trojan-activity;sid:84480323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617201)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617201/; classtype:trojan-activity;sid:84480301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617196)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617196/; classtype:trojan-activity;sid:84480296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617193)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617193/; classtype:trojan-activity;sid:84480293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617189)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617189/; classtype:trojan-activity;sid:84480289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617190)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617190/; classtype:trojan-activity;sid:84480290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616174)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616174/; classtype:trojan-activity;sid:84479274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616153)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616153/; classtype:trojan-activity;sid:84479253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616062)"; flow:established,from_client; content:"GET"; http_method; content:"/24/items/realomadrido2025/tragira.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ia801003.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616062/; classtype:trojan-activity;sid:84479162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3616000)"; flow:established,from_client; content:"GET"; http_method; content:"/35buding/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"58.87.92.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3616000/; classtype:trojan-activity;sid:84479100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615992)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.248.118.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615992/; classtype:trojan-activity;sid:84479092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615991)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/3dexplor.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.40.13.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615991/; classtype:trojan-activity;sid:84479091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615933)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rdx/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615933/; classtype:trojan-activity;sid:84479033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615926)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_03; reference:url, urlhaus.abuse.ch/url/3615926/; classtype:trojan-activity;sid:84479026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.162.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615703/; classtype:trojan-activity;sid:84478803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.126.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615696/; classtype:trojan-activity;sid:84478796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615611)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdbcvdei"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615611/; classtype:trojan-activity;sid:84478711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615455)"; flow:established,from_client; content:"GET"; http_method; content:"/v19239.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615455/; classtype:trojan-activity;sid:84478555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615435)"; flow:established,from_client; content:"GET"; http_method; content:"/v3434.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615435/; classtype:trojan-activity;sid:84478535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615306)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.109.44.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615306/; classtype:trojan-activity;sid:84478406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615095/; classtype:trojan-activity;sid:84478195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615073)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615073/; classtype:trojan-activity;sid:84478173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615074)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615074/; classtype:trojan-activity;sid:84478174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615072)"; flow:established,from_client; content:"GET"; http_method; content:"/zx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615072/; classtype:trojan-activity;sid:84478172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615068)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615068/; classtype:trojan-activity;sid:84478168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614931/; classtype:trojan-activity;sid:84478031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.213.81.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614869/; classtype:trojan-activity;sid:84477969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.5.54"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614866/; classtype:trojan-activity;sid:84477966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.143.189.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614863/; classtype:trojan-activity;sid:84477963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614697)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614697/; classtype:trojan-activity;sid:84477797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614696)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.x64.silent.cpu.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614696/; classtype:trojan-activity;sid:84477796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614685)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614685/; classtype:trojan-activity;sid:84477785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614683)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614683/; classtype:trojan-activity;sid:84477783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614684)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614684/; classtype:trojan-activity;sid:84477784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614681)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614681/; classtype:trojan-activity;sid:84477781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614682)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc1/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614682/; classtype:trojan-activity;sid:84477782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614637/; classtype:trojan-activity;sid:84477737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.112.166.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614346/; classtype:trojan-activity;sid:84477446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.149.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614347/; classtype:trojan-activity;sid:84477447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614280)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mzjfndu3ndewnzjf/dvgihou177.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"od.lk"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614280/; classtype:trojan-activity;sid:84477380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614199)"; flow:established,from_client; content:"GET"; http_method; content:"/827-mh1-3t/827/main/t1.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614199/; classtype:trojan-activity;sid:84477299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614081)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614081/; classtype:trojan-activity;sid:84477181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614077)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614077/; classtype:trojan-activity;sid:84477177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614078)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614078/; classtype:trojan-activity;sid:84477178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614057)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614057/; classtype:trojan-activity;sid:84477157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614058)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614058/; classtype:trojan-activity;sid:84477158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614054)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.55.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614054/; classtype:trojan-activity;sid:84477154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613696)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.71.159.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613696/; classtype:trojan-activity;sid:84476796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.126.1.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613683/; classtype:trojan-activity;sid:84476783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.231.61.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613664/; classtype:trojan-activity;sid:84476764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pinaview.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pinaview.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613629/; classtype:trojan-activity;sid:84476729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613494)"; flow:established,from_client; content:"GET"; http_method; content:"/peterson643eu/projecttop/refs/heads/main/zjqppajn.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613494/; classtype:trojan-activity;sid:84476594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.43.76.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613214/; classtype:trojan-activity;sid:84476314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.102.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612605/; classtype:trojan-activity;sid:84475705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.7.149.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612593/; classtype:trojan-activity;sid:84475693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.197.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612595/; classtype:trojan-activity;sid:84475695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.231.61.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612531/; classtype:trojan-activity;sid:84475631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612291/; classtype:trojan-activity;sid:84475391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/usbmmidd_v2.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.amyuni.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611504/; classtype:trojan-activity;sid:84474604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.255.198.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611456/; classtype:trojan-activity;sid:84474556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611119)"; flow:established,from_client; content:"GET"; http_method; content:"/testmine/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611119/; classtype:trojan-activity;sid:84474219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610764)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610764/; classtype:trojan-activity;sid:84473864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.112.150.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610701/; classtype:trojan-activity;sid:84473801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610638)"; flow:established,from_client; content:"GET"; http_method; content:"/soul.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.66.52.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610638/; classtype:trojan-activity;sid:84473738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610613)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tengfeidn.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610613/; classtype:trojan-activity;sid:84473713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610612)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pcupd.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610612/; classtype:trojan-activity;sid:84473712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610604)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/jd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610604/; classtype:trojan-activity;sid:84473704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610602)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/qcoin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610602/; classtype:trojan-activity;sid:84473702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610601)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.55.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610601/; classtype:trojan-activity;sid:84473701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610401)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/mely.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"areyouready.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610401/; classtype:trojan-activity;sid:84473501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610381)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/raw/refs/heads/master/loic.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610381/; classtype:trojan-activity;sid:84473481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610380)"; flow:established,from_client; content:"GET"; http_method; content:"/raizydaizy/steamcmd/raw/refs/heads/main/steamcmd.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610380/; classtype:trojan-activity;sid:84473480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610135)"; flow:established,from_client; content:"GET"; http_method; content:"/sealsuite_update"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.174.133.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610135/; classtype:trojan-activity;sid:84473235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610039)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610039/; classtype:trojan-activity;sid:84473139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610038)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610038/; classtype:trojan-activity;sid:84473138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610037)"; flow:established,from_client; content:"GET"; http_method; content:"/script2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"181.223.9.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610037/; classtype:trojan-activity;sid:84473137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610004)"; flow:established,from_client; content:"GET"; http_method; content:"/backup.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610004/; classtype:trojan-activity;sid:84473104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610003)"; flow:established,from_client; content:"GET"; http_method; content:"/logs.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610003/; classtype:trojan-activity;sid:84473103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609999)"; flow:established,from_client; content:"GET"; http_method; content:"/office.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609999/; classtype:trojan-activity;sid:84473099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610000)"; flow:established,from_client; content:"GET"; http_method; content:"/shortcut.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610000/; classtype:trojan-activity;sid:84473100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610001)"; flow:established,from_client; content:"GET"; http_method; content:"/backup.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610001/; classtype:trojan-activity;sid:84473101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610002)"; flow:established,from_client; content:"GET"; http_method; content:"/results.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3610002/; classtype:trojan-activity;sid:84473102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609978)"; flow:established,from_client; content:"GET"; http_method; content:"/review.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609978/; classtype:trojan-activity;sid:84473078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609979)"; flow:established,from_client; content:"GET"; http_method; content:"/test.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609979/; classtype:trojan-activity;sid:84473079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609980)"; flow:established,from_client; content:"GET"; http_method; content:"/review.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609980/; classtype:trojan-activity;sid:84473080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609981)"; flow:established,from_client; content:"GET"; http_method; content:"/logs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609981/; classtype:trojan-activity;sid:84473081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609982)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudshare.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609982/; classtype:trojan-activity;sid:84473082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609983)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609983/; classtype:trojan-activity;sid:84473083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609984)"; flow:established,from_client; content:"GET"; http_method; content:"/important.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609984/; classtype:trojan-activity;sid:84473084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609985)"; flow:established,from_client; content:"GET"; http_method; content:"/covidpass.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609985/; classtype:trojan-activity;sid:84473085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609986)"; flow:established,from_client; content:"GET"; http_method; content:"/trial.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609986/; classtype:trojan-activity;sid:84473086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609987)"; flow:established,from_client; content:"GET"; http_method; content:"/splunk.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609987/; classtype:trojan-activity;sid:84473087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609989)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudshare.vbs"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609989/; classtype:trojan-activity;sid:84473089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609990)"; flow:established,from_client; content:"GET"; http_method; content:"/discount.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609990/; classtype:trojan-activity;sid:84473090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609991)"; flow:established,from_client; content:"GET"; http_method; content:"/important.txt.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609991/; classtype:trojan-activity;sid:84473091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609992)"; flow:established,from_client; content:"GET"; http_method; content:"/voucher.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609992/; classtype:trojan-activity;sid:84473092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609993)"; flow:established,from_client; content:"GET"; http_method; content:"/officeaccess.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609993/; classtype:trojan-activity;sid:84473093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609996)"; flow:established,from_client; content:"GET"; http_method; content:"/target.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609996/; classtype:trojan-activity;sid:84473096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609997)"; flow:established,from_client; content:"GET"; http_method; content:"/tripvpn.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609997/; classtype:trojan-activity;sid:84473097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609998)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterloc.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609998/; classtype:trojan-activity;sid:84473098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609973)"; flow:established,from_client; content:"GET"; http_method; content:"/splunk.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609973/; classtype:trojan-activity;sid:84473073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609974)"; flow:established,from_client; content:"GET"; http_method; content:"/officeaccess.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609974/; classtype:trojan-activity;sid:84473074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609975)"; flow:established,from_client; content:"GET"; http_method; content:"/account.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609975/; classtype:trojan-activity;sid:84473075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609977)"; flow:established,from_client; content:"GET"; http_method; content:"/tripvpn.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609977/; classtype:trojan-activity;sid:84473077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609970)"; flow:established,from_client; content:"GET"; http_method; content:"/importantt.txt.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609970/; classtype:trojan-activity;sid:84473070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609971)"; flow:established,from_client; content:"GET"; http_method; content:"/uac_bypass.vbs"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609971/; classtype:trojan-activity;sid:84473071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609972)"; flow:established,from_client; content:"GET"; http_method; content:"/covidpass.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609972/; classtype:trojan-activity;sid:84473072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609967)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_bypass.vbs"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609967/; classtype:trojan-activity;sid:84473067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609968)"; flow:established,from_client; content:"GET"; http_method; content:"/training.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609968/; classtype:trojan-activity;sid:84473068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609969)"; flow:established,from_client; content:"GET"; http_method; content:"/windows11.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609969/; classtype:trojan-activity;sid:84473069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609965)"; flow:established,from_client; content:"GET"; http_method; content:"/data.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609965/; classtype:trojan-activity;sid:84473065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609966)"; flow:established,from_client; content:"GET"; http_method; content:"/budgetplan.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609966/; classtype:trojan-activity;sid:84473066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609962)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz.txt.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609962/; classtype:trojan-activity;sid:84473062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609963)"; flow:established,from_client; content:"GET"; http_method; content:"/slack.bat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609963/; classtype:trojan-activity;sid:84473063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609958)"; flow:established,from_client; content:"GET"; http_method; content:"/account.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609958/; classtype:trojan-activity;sid:84473058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609959)"; flow:established,from_client; content:"GET"; http_method; content:"/slack.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609959/; classtype:trojan-activity;sid:84473059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609960)"; flow:established,from_client; content:"GET"; http_method; content:"/discount.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609960/; classtype:trojan-activity;sid:84473060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609961)"; flow:established,from_client; content:"GET"; http_method; content:"/lazagne.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609961/; classtype:trojan-activity;sid:84473061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609954)"; flow:established,from_client; content:"GET"; http_method; content:"/office.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609954/; classtype:trojan-activity;sid:84473054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609955)"; flow:established,from_client; content:"GET"; http_method; content:"/data.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609955/; classtype:trojan-activity;sid:84473055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609956)"; flow:established,from_client; content:"GET"; http_method; content:"/accounts.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609956/; classtype:trojan-activity;sid:84473056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609953)"; flow:established,from_client; content:"GET"; http_method; content:"/target.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.197.168.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609953/; classtype:trojan-activity;sid:84473053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609761)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609761/; classtype:trojan-activity;sid:84472861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609760)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609760/; classtype:trojan-activity;sid:84472860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609758)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609758/; classtype:trojan-activity;sid:84472858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609759)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609759/; classtype:trojan-activity;sid:84472859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609757)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609757/; classtype:trojan-activity;sid:84472857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609752)"; flow:established,from_client; content:"GET"; http_method; content:"/csky"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609752/; classtype:trojan-activity;sid:84472852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609753)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609753/; classtype:trojan-activity;sid:84472853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609754)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609754/; classtype:trojan-activity;sid:84472854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609755)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609755/; classtype:trojan-activity;sid:84472855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609756)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609756/; classtype:trojan-activity;sid:84472856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609750)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609750/; classtype:trojan-activity;sid:84472850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609751)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609751/; classtype:trojan-activity;sid:84472851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609749)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609749/; classtype:trojan-activity;sid:84472849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609748)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xans.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609748/; classtype:trojan-activity;sid:84472848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609741)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.186.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609741/; classtype:trojan-activity;sid:84472841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609409)"; flow:established,from_client; content:"GET"; http_method; content:"/2/task.js"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gestionycobranzas.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609409/; classtype:trojan-activity;sid:84472509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609394)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%81%92%e5%a4%a9%e7%91%9e%e8%ae%af3.4.2.52.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"118.244.192.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609394/; classtype:trojan-activity;sid:84472494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609388)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/cef/client-webengine.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"51.178.30.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609388/; classtype:trojan-activity;sid:84472488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609318)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"160.250.128.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609318/; classtype:trojan-activity;sid:84472418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609204)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.189.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609204/; classtype:trojan-activity;sid:84472304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609203)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon_x64.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.134.189.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609203/; classtype:trojan-activity;sid:84472303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609150/; classtype:trojan-activity;sid:84472250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609043)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609043/; classtype:trojan-activity;sid:84472143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609042)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609042/; classtype:trojan-activity;sid:84472142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609041)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/cred.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609041/; classtype:trojan-activity;sid:84472141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609040)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/clip64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609040/; classtype:trojan-activity;sid:84472140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609039)"; flow:established,from_client; content:"GET"; http_method; content:"/cvdfnafjbmc0/plugins/vnc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"microsoft-telemetry.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609039/; classtype:trojan-activity;sid:84472139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608802)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608802/; classtype:trojan-activity;sid:84471902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608773)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608773/; classtype:trojan-activity;sid:84471873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/22072024080730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608522/; classtype:trojan-activity;sid:84471622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024123023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608521/; classtype:trojan-activity;sid:84471621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14082024082341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608520/; classtype:trojan-activity;sid:84471620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09072024080408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608519/; classtype:trojan-activity;sid:84471619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024072520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608518/; classtype:trojan-activity;sid:84471618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608517/; classtype:trojan-activity;sid:84471617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10092024072747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608511/; classtype:trojan-activity;sid:84471611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23092024080311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608513/; classtype:trojan-activity;sid:84471613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02082024071413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608506/; classtype:trojan-activity;sid:84471606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024103542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608503/; classtype:trojan-activity;sid:84471603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/15072024075523/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608500/; classtype:trojan-activity;sid:84471600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608501)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/av.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608501/; classtype:trojan-activity;sid:84471601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13082024070204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608487/; classtype:trojan-activity;sid:84471587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14062024075221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608488/; classtype:trojan-activity;sid:84471588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608489)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/photo.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608489/; classtype:trojan-activity;sid:84471589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608490)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/video.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608490/; classtype:trojan-activity;sid:84471590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12082024075637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608491/; classtype:trojan-activity;sid:84471591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/16082024071234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608492/; classtype:trojan-activity;sid:84471592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13072024070443/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608493/; classtype:trojan-activity;sid:84471593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608494)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/photo.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608494/; classtype:trojan-activity;sid:84471594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608495)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/av.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608495/; classtype:trojan-activity;sid:84471595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18062024074945/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608496/; classtype:trojan-activity;sid:84471596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608497/; classtype:trojan-activity;sid:84471597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12092024121832/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608482/; classtype:trojan-activity;sid:84471582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8461/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608483/; classtype:trojan-activity;sid:84471583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608478)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/2021-11/3c7dd4259d7141c1859d3a845d92c3c8/video.lnk"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608478/; classtype:trojan-activity;sid:84471578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/10092024080037/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608479/; classtype:trojan-activity;sid:84471579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/28082024112055/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608471/; classtype:trojan-activity;sid:84471571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024140819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608474/; classtype:trojan-activity;sid:84471574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25072024071607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608470/; classtype:trojan-activity;sid:84471570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17082024070657/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608466/; classtype:trojan-activity;sid:84471566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024122345/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608467/; classtype:trojan-activity;sid:84471567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.82.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608082/; classtype:trojan-activity;sid:84471182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608047)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608047/; classtype:trojan-activity;sid:84471147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608001)"; flow:established,from_client; content:"GET"; http_method; content:"/~topmedsolutionco/wp-includes/images/media/resultats-damadeus-benefit-2025.scr"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"topmedsolution.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608001/; classtype:trojan-activity;sid:84471101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607961)"; flow:established,from_client; content:"GET"; http_method; content:"/ntchuy/hack/refs/heads/main/client.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607961/; classtype:trojan-activity;sid:84471061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607915)"; flow:established,from_client; content:"GET"; http_method; content:"/linpeas.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"34.70.102.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607915/; classtype:trojan-activity;sid:84471015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607394)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_20; reference:url, urlhaus.abuse.ch/url/3607394/; classtype:trojan-activity;sid:84470494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606904)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"visualwikicloud.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606904/; classtype:trojan-activity;sid:84470004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.169.228.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606817/; classtype:trojan-activity;sid:84469917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606808)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"221.113.193.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606808/; classtype:trojan-activity;sid:84469908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606770)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustmedebyg.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606770/; classtype:trojan-activity;sid:84469870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606767)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustme.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606767/; classtype:trojan-activity;sid:84469867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606766)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/debugconfig.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606766/; classtype:trojan-activity;sid:84469866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606680)"; flow:established,from_client; content:"GET"; http_method; content:"/atu.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"electri.billregulator.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606680/; classtype:trojan-activity;sid:84469780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606577)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/9e3363f017c60726bf610a2a472040144t."; http_uri; depth:41; isdataat:!1,relative; nocase; content:"file.uhsea.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606577/; classtype:trojan-activity;sid:84469677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.157.227.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3606146/; classtype:trojan-activity;sid:84469246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605990)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.208.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605990/; classtype:trojan-activity;sid:84469090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605992)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.102.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605992/; classtype:trojan-activity;sid:84469092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605993)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.187.25.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605993/; classtype:trojan-activity;sid:84469093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.98.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605981/; classtype:trojan-activity;sid:84469081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605934)"; flow:established,from_client; content:"GET"; http_method; content:"/milkrun/work_approval_pdf3.clientsetup.msi"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"scanwellhaulage.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605934/; classtype:trojan-activity;sid:84469034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605814)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605814/; classtype:trojan-activity;sid:84468914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605813)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605813/; classtype:trojan-activity;sid:84468913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605812)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605812/; classtype:trojan-activity;sid:84468912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605804)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605804/; classtype:trojan-activity;sid:84468904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605807)"; flow:established,from_client; content:"GET"; http_method; content:"/g8jejfc38/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"62.60.227.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605807/; classtype:trojan-activity;sid:84468907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605788)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/clip.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605788/; classtype:trojan-activity;sid:84468888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605787)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605787/; classtype:trojan-activity;sid:84468887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605786)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/clip64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605786/; classtype:trojan-activity;sid:84468886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605783)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/cred64.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605783/; classtype:trojan-activity;sid:84468883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605776)"; flow:established,from_client; content:"GET"; http_method; content:"/di9ku38f/plugins/vnc.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.154.35.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605776/; classtype:trojan-activity;sid:84468876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.244.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605359/; classtype:trojan-activity;sid:84468459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604878)"; flow:established,from_client; content:"GET"; http_method; content:"/iceland.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uploadtree.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604878/; classtype:trojan-activity;sid:84467978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604591)"; flow:established,from_client; content:"GET"; http_method; content:"/networke.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604591/; classtype:trojan-activity;sid:84467691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604271)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/adobeupdate.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604271/; classtype:trojan-activity;sid:84467371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604270)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/l8825.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604270/; classtype:trojan-activity;sid:84467370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604243)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.196.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604243/; classtype:trojan-activity;sid:84467343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604233/; classtype:trojan-activity;sid:84467333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602487)"; flow:established,from_client; content:"GET"; http_method; content:"/scanubs9420625fpdf.7z"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"access.skaparade.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602487/; classtype:trojan-activity;sid:84465587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601445)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601445/; classtype:trojan-activity;sid:84464545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.249.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601446/; classtype:trojan-activity;sid:84464546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600911)"; flow:established,from_client; content:"GET"; http_method; content:"/av.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"blaiz.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600911/; classtype:trojan-activity;sid:84464011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.217.16.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600845/; classtype:trojan-activity;sid:84463945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.197.252.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600842/; classtype:trojan-activity;sid:84463942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600803)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.i486"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600803/; classtype:trojan-activity;sid:84463903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600786)"; flow:established,from_client; content:"GET"; http_method; content:"/js/timer.jquery.js"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"googletagamnager.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_11; reference:url, urlhaus.abuse.ch/url/3600786/; classtype:trojan-activity;sid:84463886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3600259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.91.3.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_10; reference:url, urlhaus.abuse.ch/url/3600259/; classtype:trojan-activity;sid:84463359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599838)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.239.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599838/; classtype:trojan-activity;sid:84462938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.122.193.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599810/; classtype:trojan-activity;sid:84462910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599450)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.29.45.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599450/; classtype:trojan-activity;sid:84462550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599149)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599149/; classtype:trojan-activity;sid:84462249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599106/; classtype:trojan-activity;sid:84462206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3598806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.73.82.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_07; reference:url, urlhaus.abuse.ch/url/3598806/; classtype:trojan-activity;sid:84461906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597698)"; flow:established,from_client; content:"GET"; http_method; content:"/user_profiles_photo/cptch.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"94.154.35.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597698/; classtype:trojan-activity;sid:84460798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597685)"; flow:established,from_client; content:"GET"; http_method; content:"/wmieventlogs.js"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597685/; classtype:trojan-activity;sid:84460785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597686)"; flow:established,from_client; content:"GET"; http_method; content:"/copilotdrivers.js"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"181.206.158.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597686/; classtype:trojan-activity;sid:84460786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597645/; classtype:trojan-activity;sid:84460745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597379)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.72.183.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597379/; classtype:trojan-activity;sid:84460479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597374)"; flow:established,from_client; content:"GET"; http_method; content:"/updserc.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"emprotel.net.bo"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597374/; classtype:trojan-activity;sid:84460474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597183)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597183/; classtype:trojan-activity;sid:84460283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597181)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597181/; classtype:trojan-activity;sid:84460281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597179)"; flow:established,from_client; content:"GET"; http_method; content:"/212925334128/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597179/; classtype:trojan-activity;sid:84460279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597168)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597168/; classtype:trojan-activity;sid:84460268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597162)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597162/; classtype:trojan-activity;sid:84460262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597164)"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597164/; classtype:trojan-activity;sid:84460264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597150)"; flow:established,from_client; content:"GET"; http_method; content:"/zmyjungmin/img001.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597150/; classtype:trojan-activity;sid:84460250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596562/; classtype:trojan-activity;sid:84459662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596563)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596563/; classtype:trojan-activity;sid:84459663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3596564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3596564/; classtype:trojan-activity;sid:84459664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.47.103.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_03; reference:url, urlhaus.abuse.ch/url/3595824/; classtype:trojan-activity;sid:84458924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.31.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595225/; classtype:trojan-activity;sid:84458325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595203)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.78.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595203/; classtype:trojan-activity;sid:84458303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594962)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssa/t1.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"isiore.com.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594962/; classtype:trojan-activity;sid:84458062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594942)"; flow:established,from_client; content:"GET"; http_method; content:"/r00tnik8/zianr35524869492586/raw/refs/heads/main/plugin3.plg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594942/; classtype:trojan-activity;sid:84458042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594359)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/auths0//booking13763.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"fnvimoyvwkbxbmczlqus.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_08_01; reference:url, urlhaus.abuse.ch/url/3594359/; classtype:trojan-activity;sid:84457459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593777)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"65.99.193.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593777/; classtype:trojan-activity;sid:84456877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593287)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.105.165.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593287/; classtype:trojan-activity;sid:84456387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.22.255.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_30; reference:url, urlhaus.abuse.ch/url/3593252/; classtype:trojan-activity;sid:84456352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.205.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592749/; classtype:trojan-activity;sid:84455849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592552/; classtype:trojan-activity;sid:84455652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592078/; classtype:trojan-activity;sid:84455178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592038)"; flow:established,from_client; content:"GET"; http_method; content:"/image/cache/data/aksesuarlar/patch-yama-arma/skid-row-500x500.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"xshop.com.tr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592038/; classtype:trojan-activity;sid:84455138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.150.78.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_28; reference:url, urlhaus.abuse.ch/url/3591634/; classtype:trojan-activity;sid:84454734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591244)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.95.247.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591244/; classtype:trojan-activity;sid:84454344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590852)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590852/; classtype:trojan-activity;sid:84453952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590749)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/d3dx11_45/refs/heads/main/d3dx11_45.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590749/; classtype:trojan-activity;sid:84453849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590748)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/rssdgxgr/refs/heads/main/garo%20x.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590748/; classtype:trojan-activity;sid:84453848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590746)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/edggqdsg/refs/heads/main/garo%20v1.dll"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590746/; classtype:trojan-activity;sid:84453846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590552)"; flow:established,from_client; content:"GET"; http_method; content:"/hafiz12cyber/request/raw/refs/heads/main/launcher.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590552/; classtype:trojan-activity;sid:84453652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590550)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590550/; classtype:trojan-activity;sid:84453650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590549)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/raw/refs/heads/main/software.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590549/; classtype:trojan-activity;sid:84453649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590548)"; flow:established,from_client; content:"GET"; http_method; content:"/notcat999/sys/raw/refs/heads/main/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590548/; classtype:trojan-activity;sid:84453648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590547)"; flow:established,from_client; content:"GET"; http_method; content:"/gethalal-007/request/raw/refs/heads/main/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590547/; classtype:trojan-activity;sid:84453647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590546)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590546/; classtype:trojan-activity;sid:84453646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590111)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590111/; classtype:trojan-activity;sid:84453211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590104)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590104/; classtype:trojan-activity;sid:84453204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590105)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590105/; classtype:trojan-activity;sid:84453205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590102)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590102/; classtype:trojan-activity;sid:84453202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590103)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.42.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3590103/; classtype:trojan-activity;sid:84453203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589469)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589469/; classtype:trojan-activity;sid:84452569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.108.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589324/; classtype:trojan-activity;sid:84452424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.166.103.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589328/; classtype:trojan-activity;sid:84452428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589312)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589312/; classtype:trojan-activity;sid:84452412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589307)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589307/; classtype:trojan-activity;sid:84452407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588880)"; flow:established,from_client; content:"GET"; http_method; content:"/f4112442-c6fd-4d1f-99b7-ec0005ba3e4f/mqhwlv.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588880/; classtype:trojan-activity;sid:84451980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588884)"; flow:established,from_client; content:"GET"; http_method; content:"/c4aa6390-ef31-4b3e-a191-67c1a5d20d7b/j5s1uy.bin"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588884/; classtype:trojan-activity;sid:84451984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.173.138.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588081/; classtype:trojan-activity;sid:84451181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.28.227.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588071/; classtype:trojan-activity;sid:84451171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.141.135.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588061/; classtype:trojan-activity;sid:84451161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587961)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.239.253.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587961/; classtype:trojan-activity;sid:84451061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587866)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587866/; classtype:trojan-activity;sid:84450966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587860)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587860/; classtype:trojan-activity;sid:84450960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587861)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587861/; classtype:trojan-activity;sid:84450961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587862)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587862/; classtype:trojan-activity;sid:84450962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587863)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587863/; classtype:trojan-activity;sid:84450963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587864)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587864/; classtype:trojan-activity;sid:84450964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587852)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587852/; classtype:trojan-activity;sid:84450952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587853)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587853/; classtype:trojan-activity;sid:84450953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587854)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587854/; classtype:trojan-activity;sid:84450954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587855)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587855/; classtype:trojan-activity;sid:84450955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587856)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587856/; classtype:trojan-activity;sid:84450956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587857)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587857/; classtype:trojan-activity;sid:84450957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587858)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587858/; classtype:trojan-activity;sid:84450958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587859)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587859/; classtype:trojan-activity;sid:84450959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587780)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.175.7.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3587780/; classtype:trojan-activity;sid:84450880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587585)"; flow:established,from_client; content:"GET"; http_method; content:"/sid2983/-1aa-valoranta/releases/download/d0wn10ad/valcheat.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587585/; classtype:trojan-activity;sid:84450685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587551)"; flow:established,from_client; content:"GET"; http_method; content:"//2025/07/19/15/683192372.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587551/; classtype:trojan-activity;sid:84450651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.165.30.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586630/; classtype:trojan-activity;sid:84449730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586631)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.97"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3586631/; classtype:trojan-activity;sid:84449731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.114.95.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586153/; classtype:trojan-activity;sid:84449253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.200.208.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586156/; classtype:trojan-activity;sid:84449256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.175.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586157/; classtype:trojan-activity;sid:84449257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.4.141.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586160/; classtype:trojan-activity;sid:84449260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.247.4.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586166/; classtype:trojan-activity;sid:84449266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.83.186.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586167/; classtype:trojan-activity;sid:84449267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.198.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586177/; classtype:trojan-activity;sid:84449277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586138)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586138/; classtype:trojan-activity;sid:84449238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586143)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586143/; classtype:trojan-activity;sid:84449243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.117.7.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586122/; classtype:trojan-activity;sid:84449222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585947)"; flow:established,from_client; content:"GET"; http_method; content:"/kjcy9kgh/02vcj.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_07_19; reference:url, urlhaus.abuse.ch/url/3585947/; classtype:trojan-activity;sid:84449047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585184)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.25.85.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585184/; classtype:trojan-activity;sid:84448284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.154.83.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585165/; classtype:trojan-activity;sid:84448265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.50.136.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585170/; classtype:trojan-activity;sid:84448270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.7.131.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585162/; classtype:trojan-activity;sid:84448262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.152.84.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585159/; classtype:trojan-activity;sid:84448259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.152.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585158/; classtype:trojan-activity;sid:84448258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585053)"; flow:established,from_client; content:"GET"; http_method; content:"/catalog/model/cummersmg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585053/; classtype:trojan-activity;sid:84448153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.247.2.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584739/; classtype:trojan-activity;sid:84447839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.242.149.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584732/; classtype:trojan-activity;sid:84447832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.101.123.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584733/; classtype:trojan-activity;sid:84447833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584281)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.204.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584281/; classtype:trojan-activity;sid:84447381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584277)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584277/; classtype:trojan-activity;sid:84447377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584174)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|filepath=/var/www/html/outport/proc|7c|26|7c|filename=proc."; http_uri; depth:76; isdataat:!1,relative; nocase; content:"ndirection.kr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584174/; classtype:trojan-activity;sid:84447274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_15; reference:url, urlhaus.abuse.ch/url/3583571/; classtype:trojan-activity;sid:84446671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583040)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/42429a19c72b875b93608f8cb0cab933/raw/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583040/; classtype:trojan-activity;sid:84446140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582266)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.132.131.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582266/; classtype:trojan-activity;sid:84445366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582069)"; flow:established,from_client; content:"GET"; http_method; content:"/red.mp4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.frontier.net.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582069/; classtype:trojan-activity;sid:84445169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582066)"; flow:established,from_client; content:"GET"; http_method; content:"/green.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.frontier.net.pk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582066/; classtype:trojan-activity;sid:84445166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582035)"; flow:established,from_client; content:"GET"; http_method; content:"/darkcyan-fa1d3_install.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"dansorium.gr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582035/; classtype:trojan-activity;sid:84445135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581711)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.108.63.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581711/; classtype:trojan-activity;sid:84444811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.47.176.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581695/; classtype:trojan-activity;sid:84444795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.101.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3581699/; classtype:trojan-activity;sid:84444799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3581440)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.5.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3581440/; classtype:trojan-activity;sid:84444540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580943)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/scink.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580943/; classtype:trojan-activity;sid:84444043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580925)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.25.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580925/; classtype:trojan-activity;sid:84444025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580902/; classtype:trojan-activity;sid:84444002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580896/; classtype:trojan-activity;sid:84443996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.240.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580881/; classtype:trojan-activity;sid:84443981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580863/; classtype:trojan-activity;sid:84443963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580861/; classtype:trojan-activity;sid:84443961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3579954)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.232.114.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_10; reference:url, urlhaus.abuse.ch/url/3579954/; classtype:trojan-activity;sid:84443054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3579459)"; flow:established,from_client; content:"GET"; http_method; content:"/test.jpg|3f|137113"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bafybeidvf6tytrspkd4wnvxzs23m3kjr6bfvgszbfwybmmcosl4rrhvuo4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_07_09; reference:url, urlhaus.abuse.ch/url/3579459/; classtype:trojan-activity;sid:84442559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578386)"; flow:established,from_client; content:"GET"; http_method; content:"/invisiblebunny/records/main/bunny-mini/mini.shell.php"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578386/; classtype:trojan-activity;sid:84441486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578385)"; flow:established,from_client; content:"GET"; http_method; content:"/ly4k/pwnkit/main/pwnkit"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578385/; classtype:trojan-activity;sid:84441485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577299)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577299/; classtype:trojan-activity;sid:84440399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"145.255.210.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577298/; classtype:trojan-activity;sid:84440398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_06; reference:url, urlhaus.abuse.ch/url/3577188/; classtype:trojan-activity;sid:84440288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577021)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577021/; classtype:trojan-activity;sid:84440121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577019)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577019/; classtype:trojan-activity;sid:84440119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577020)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577020/; classtype:trojan-activity;sid:84440120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577008)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577008/; classtype:trojan-activity;sid:84440108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577009)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577009/; classtype:trojan-activity;sid:84440109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576996)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576996/; classtype:trojan-activity;sid:84440096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576990)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576990/; classtype:trojan-activity;sid:84440090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576991)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576991/; classtype:trojan-activity;sid:84440091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576992)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576992/; classtype:trojan-activity;sid:84440092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576993)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576993/; classtype:trojan-activity;sid:84440093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576994)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576994/; classtype:trojan-activity;sid:84440094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576995)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576995/; classtype:trojan-activity;sid:84440095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576988)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576988/; classtype:trojan-activity;sid:84440088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576989)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576989/; classtype:trojan-activity;sid:84440089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576987)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576987/; classtype:trojan-activity;sid:84440087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576981)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576981/; classtype:trojan-activity;sid:84440081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576982)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576982/; classtype:trojan-activity;sid:84440082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576983)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576983/; classtype:trojan-activity;sid:84440083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576984)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576984/; classtype:trojan-activity;sid:84440084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576985)"; flow:established,from_client; content:"GET"; http_method; content:"/1/info.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576985/; classtype:trojan-activity;sid:84440085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576986)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576986/; classtype:trojan-activity;sid:84440086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576908)"; flow:established,from_client; content:"GET"; http_method; content:"/%e9%9b%aa%e8%8a%b1%e8%bf%9c%e7%a8%8b%e7%89%88%e6%96%b0.apk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"42.51.49.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576908/; classtype:trojan-activity;sid:84440008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576885)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576885/; classtype:trojan-activity;sid:84439985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576851)"; flow:established,from_client; content:"GET"; http_method; content:"/conf.ini"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576851/; classtype:trojan-activity;sid:84439951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576804)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-linux-elf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576804/; classtype:trojan-activity;sid:84439904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576743)"; flow:established,from_client; content:"GET"; http_method; content:"/999.html"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576743/; classtype:trojan-activity;sid:84439843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576728)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576728/; classtype:trojan-activity;sid:84439828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576670)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576670/; classtype:trojan-activity;sid:84439770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576676)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576676/; classtype:trojan-activity;sid:84439776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576384)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576384/; classtype:trojan-activity;sid:84439484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576359)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.60.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576359/; classtype:trojan-activity;sid:84439459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575978)"; flow:established,from_client; content:"GET"; http_method; content:"/allbnc.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575978/; classtype:trojan-activity;sid:84439078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575979)"; flow:established,from_client; content:"GET"; http_method; content:"/auto.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575979/; classtype:trojan-activity;sid:84439079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575971)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575971/; classtype:trojan-activity;sid:84439071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575961)"; flow:established,from_client; content:"GET"; http_method; content:"/asp.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575961/; classtype:trojan-activity;sid:84439061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575928)"; flow:established,from_client; content:"GET"; http_method; content:"/ekaspx.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575928/; classtype:trojan-activity;sid:84439028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575923)"; flow:established,from_client; content:"GET"; http_method; content:"/mshell.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575923/; classtype:trojan-activity;sid:84439023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575924)"; flow:established,from_client; content:"GET"; http_method; content:"/shfrpc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575924/; classtype:trojan-activity;sid:84439024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575907)"; flow:established,from_client; content:"GET"; http_method; content:"/svchos.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575907/; classtype:trojan-activity;sid:84439007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575900)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.238.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575900/; classtype:trojan-activity;sid:84439000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575892)"; flow:established,from_client; content:"GET"; http_method; content:"/cata2.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.253.75.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575892/; classtype:trojan-activity;sid:84438992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575891)"; flow:established,from_client; content:"GET"; http_method; content:"/ek.jspx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575891/; classtype:trojan-activity;sid:84438991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575870)"; flow:established,from_client; content:"GET"; http_method; content:"/ek.jsp"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.165.81.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575870/; classtype:trojan-activity;sid:84438970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"145.255.210.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575824/; classtype:trojan-activity;sid:84438924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575355)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/main/shaman.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575355/; classtype:trojan-activity;sid:84438455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575354)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/raw/main/update0.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575354/; classtype:trojan-activity;sid:84438454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.80.246.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3575022/; classtype:trojan-activity;sid:84438122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.253.237.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_03; reference:url, urlhaus.abuse.ch/url/3575012/; classtype:trojan-activity;sid:84438112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3574027)"; flow:established,from_client; content:"GET"; http_method; content:"/7030.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ecs-124-70-158-53.compute.hwclouds-dns.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3574027/; classtype:trojan-activity;sid:84437127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573965/; classtype:trojan-activity;sid:84437065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573963)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.227.197.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573963/; classtype:trojan-activity;sid:84437063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573362)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.226.212.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573362/; classtype:trojan-activity;sid:84436462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573133)"; flow:established,from_client; content:"GET"; http_method; content:"/dourvsity187.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"iiiconstruction.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573133/; classtype:trojan-activity;sid:84436233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573084)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_134.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lomejordesalamanca.es"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573084/; classtype:trojan-activity;sid:84436184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572729)"; flow:established,from_client; content:"GET"; http_method; content:"/3/2.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hotellacastellana.com.uy"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572729/; classtype:trojan-activity;sid:84435829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572728)"; flow:established,from_client; content:"GET"; http_method; content:"/3/1.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hotellacastellana.com.uy"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572728/; classtype:trojan-activity;sid:84435828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572341)"; flow:established,from_client; content:"GET"; http_method; content:"/ghostgera/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"intelligentopennetworkingawards.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572341/; classtype:trojan-activity;sid:84435441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572294)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.142.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572294/; classtype:trojan-activity;sid:84435394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571969/; classtype:trojan-activity;sid:84435069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.229.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571844/; classtype:trojan-activity;sid:84434944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.91.153.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571790/; classtype:trojan-activity;sid:84434890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571573)"; flow:established,from_client; content:"GET"; http_method; content:"/0rknrw2j/jru8j.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.ibb.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571573/; classtype:trojan-activity;sid:84434673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571424)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f.dof"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"checkinetverifk.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571424/; classtype:trojan-activity;sid:84434524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571276)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.122.1.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_29; reference:url, urlhaus.abuse.ch/url/3571276/; classtype:trojan-activity;sid:84434376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.19.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_28; reference:url, urlhaus.abuse.ch/url/3571094/; classtype:trojan-activity;sid:84434194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.38.184.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_27; reference:url, urlhaus.abuse.ch/url/3570840/; classtype:trojan-activity;sid:84433940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.102.100.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_27; reference:url, urlhaus.abuse.ch/url/3570832/; classtype:trojan-activity;sid:84433932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.120.203.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_26; reference:url, urlhaus.abuse.ch/url/3570433/; classtype:trojan-activity;sid:84433533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570196)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.93.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570196/; classtype:trojan-activity;sid:84433296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570170/; classtype:trojan-activity;sid:84433270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570158)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570158/; classtype:trojan-activity;sid:84433258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569817)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569817/; classtype:trojan-activity;sid:84432917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569802/; classtype:trojan-activity;sid:84432902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569803/; classtype:trojan-activity;sid:84432903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569657)"; flow:established,from_client; content:"GET"; http_method; content:"/juancamilo1914/youtube-mp3-converter/releases/download/buprestidan/youtube.mp3.converter.v1.0.0.-.buprestidan.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_23; reference:url, urlhaus.abuse.ch/url/3569657/; classtype:trojan-activity;sid:84432757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569549)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.103.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_23; reference:url, urlhaus.abuse.ch/url/3569549/; classtype:trojan-activity;sid:84432649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569208)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.222.31.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569208/; classtype:trojan-activity;sid:84432308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569182)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569182/; classtype:trojan-activity;sid:84432282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568977)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568977/; classtype:trojan-activity;sid:84432077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568976)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568976/; classtype:trojan-activity;sid:84432076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.132.152.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568343/; classtype:trojan-activity;sid:84431443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568238)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568238/; classtype:trojan-activity;sid:84431338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/new_image.jpg"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568230/; classtype:trojan-activity;sid:84431330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568176)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/main/ud.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568176/; classtype:trojan-activity;sid:84431276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568162)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/raw/main/ud.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568162/; classtype:trojan-activity;sid:84431262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568006)"; flow:established,from_client; content:"GET"; http_method; content:"/xl.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mundocarnes.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568006/; classtype:trojan-activity;sid:84431106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567771)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567771/; classtype:trojan-activity;sid:84430871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567713/; classtype:trojan-activity;sid:84430813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567113)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567113/; classtype:trojan-activity;sid:84430213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3567037)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3567037/; classtype:trojan-activity;sid:84430137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566930)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566930/; classtype:trojan-activity;sid:84430030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566706)"; flow:established,from_client; content:"GET"; http_method; content:"/ramon/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566706/; classtype:trojan-activity;sid:84429806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566351)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566351/; classtype:trojan-activity;sid:84429451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566263)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566263/; classtype:trojan-activity;sid:84429363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3566015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/02/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3566015/; classtype:trojan-activity;sid:84429115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565839/; classtype:trojan-activity;sid:84428939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565410)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565410/; classtype:trojan-activity;sid:84428510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565409)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/video.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565409/; classtype:trojan-activity;sid:84428509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565407)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565407/; classtype:trojan-activity;sid:84428507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565408)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565408/; classtype:trojan-activity;sid:84428508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565402)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/video.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565402/; classtype:trojan-activity;sid:84428502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565403)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565403/; classtype:trojan-activity;sid:84428503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565404)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565404/; classtype:trojan-activity;sid:84428504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565405)"; flow:established,from_client; content:"GET"; http_method; content:"/program/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565405/; classtype:trojan-activity;sid:84428505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565399)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565399/; classtype:trojan-activity;sid:84428499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565400)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/photo.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565400/; classtype:trojan-activity;sid:84428500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565393)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565393/; classtype:trojan-activity;sid:84428493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565394)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/photo.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565394/; classtype:trojan-activity;sid:84428494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565395)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565395/; classtype:trojan-activity;sid:84428495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565390)"; flow:established,from_client; content:"GET"; http_method; content:"/program/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565390/; classtype:trojan-activity;sid:84428490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565364)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565364/; classtype:trojan-activity;sid:84428464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565343)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/itempicture/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565343/; classtype:trojan-activity;sid:84428443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565344)"; flow:established,from_client; content:"GET"; http_method; content:"/program/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565344/; classtype:trojan-activity;sid:84428444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565352)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/av.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565352/; classtype:trojan-activity;sid:84428452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565355)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565355/; classtype:trojan-activity;sid:84428455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565357)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/video.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565357/; classtype:trojan-activity;sid:84428457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565331)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565331/; classtype:trojan-activity;sid:84428431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565333)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565333/; classtype:trojan-activity;sid:84428433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565337)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565337/; classtype:trojan-activity;sid:84428437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565338)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/av.scr"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565338/; classtype:trojan-activity;sid:84428438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565339)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565339/; classtype:trojan-activity;sid:84428439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565340)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565340/; classtype:trojan-activity;sid:84428440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565341)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565341/; classtype:trojan-activity;sid:84428441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565329)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565329/; classtype:trojan-activity;sid:84428429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565319)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/av.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565319/; classtype:trojan-activity;sid:84428419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565311)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565311/; classtype:trojan-activity;sid:84428411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565312)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565312/; classtype:trojan-activity;sid:84428412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565313)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/av.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565313/; classtype:trojan-activity;sid:84428413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565314)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565314/; classtype:trojan-activity;sid:84428414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565315)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565315/; classtype:trojan-activity;sid:84428415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565316)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/av.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565316/; classtype:trojan-activity;sid:84428416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565317/; classtype:trojan-activity;sid:84428417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565288)"; flow:established,from_client; content:"GET"; http_method; content:"/agent2b_web_6.05.030/instalador%20corevision/disk1/setup.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565288/; classtype:trojan-activity;sid:84428388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565286)"; flow:established,from_client; content:"GET"; http_method; content:"/database/setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565286/; classtype:trojan-activity;sid:84428386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565283)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565283/; classtype:trojan-activity;sid:84428383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565284)"; flow:established,from_client; content:"GET"; http_method; content:"/svg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565284/; classtype:trojan-activity;sid:84428384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565285)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565285/; classtype:trojan-activity;sid:84428385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565282)"; flow:established,from_client; content:"GET"; http_method; content:"/agent2b_web_6.05.030/instalador%20completo/disk1/setup.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565282/; classtype:trojan-activity;sid:84428382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565281)"; flow:established,from_client; content:"GET"; http_method; content:"/client/setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"201.16.194.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565281/; classtype:trojan-activity;sid:84428381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565262)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565262/; classtype:trojan-activity;sid:84428362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565260)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/badmail/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565260/; classtype:trojan-activity;sid:84428360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565261/; classtype:trojan-activity;sid:84428361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565259/; classtype:trojan-activity;sid:84428359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565258)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565258/; classtype:trojan-activity;sid:84428358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565257/; classtype:trojan-activity;sid:84428357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565256)"; flow:established,from_client; content:"GET"; http_method; content:"/bkp/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565256/; classtype:trojan-activity;sid:84428356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565255)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/queue/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565255/; classtype:trojan-activity;sid:84428355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565254)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565254/; classtype:trojan-activity;sid:84428354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565253)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/drop/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565253/; classtype:trojan-activity;sid:84428353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565252)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565252/; classtype:trojan-activity;sid:84428352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565249)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/pickup/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565249/; classtype:trojan-activity;sid:84428349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565244)"; flow:established,from_client; content:"GET"; http_method; content:"/h4lud3ae/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565244/; classtype:trojan-activity;sid:84428344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565245)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565245/; classtype:trojan-activity;sid:84428345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565246/; classtype:trojan-activity;sid:84428346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565243)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/pdf/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565243/; classtype:trojan-activity;sid:84428343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565230/; classtype:trojan-activity;sid:84428330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565236)"; flow:established,from_client; content:"GET"; http_method; content:"/idi/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565236/; classtype:trojan-activity;sid:84428336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565239/; classtype:trojan-activity;sid:84428339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565240)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/idi/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565240/; classtype:trojan-activity;sid:84428340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565241)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565241/; classtype:trojan-activity;sid:84428341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565091)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/cksy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565091/; classtype:trojan-activity;sid:84428191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565090)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565090/; classtype:trojan-activity;sid:84428190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565089)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565089/; classtype:trojan-activity;sid:84428189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565088)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565088/; classtype:trojan-activity;sid:84428188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565087)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/entity/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565087/; classtype:trojan-activity;sid:84428187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565085)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565085/; classtype:trojan-activity;sid:84428185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565086)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565086/; classtype:trojan-activity;sid:84428186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565084)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565084/; classtype:trojan-activity;sid:84428184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565083)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565083/; classtype:trojan-activity;sid:84428183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565082)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/constrant/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565082/; classtype:trojan-activity;sid:84428182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565081)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565081/; classtype:trojan-activity;sid:84428181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565080)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565080/; classtype:trojan-activity;sid:84428180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565079)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565079/; classtype:trojan-activity;sid:84428179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565078)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/log/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565078/; classtype:trojan-activity;sid:84428178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565077)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565077/; classtype:trojan-activity;sid:84428177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565076)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565076/; classtype:trojan-activity;sid:84428176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565075)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/new/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565075/; classtype:trojan-activity;sid:84428175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565074)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565074/; classtype:trojan-activity;sid:84428174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565073)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/photoset/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565073/; classtype:trojan-activity;sid:84428173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565072)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/templete/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565072/; classtype:trojan-activity;sid:84428172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565071)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/service/impl/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565071/; classtype:trojan-activity;sid:84428171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565070)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/action/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565070/; classtype:trojan-activity;sid:84428170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565069)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/vehiclereview/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565069/; classtype:trojan-activity;sid:84428169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565068)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565068/; classtype:trojan-activity;sid:84428168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565066)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565066/; classtype:trojan-activity;sid:84428166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565067)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565067/; classtype:trojan-activity;sid:84428167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565065)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/zbawss/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565065/; classtype:trojan-activity;sid:84428165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565064)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565064/; classtype:trojan-activity;sid:84428164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565062)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565062/; classtype:trojan-activity;sid:84428162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565063)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565063/; classtype:trojan-activity;sid:84428163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565061)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565061/; classtype:trojan-activity;sid:84428161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565060)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565060/; classtype:trojan-activity;sid:84428160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565059)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/templete/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565059/; classtype:trojan-activity;sid:84428159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565057)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/photo/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565057/; classtype:trojan-activity;sid:84428157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565058)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565058/; classtype:trojan-activity;sid:84428158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565056)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/entity/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565056/; classtype:trojan-activity;sid:84428156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565054)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565054/; classtype:trojan-activity;sid:84428154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565049)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/impl/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565049/; classtype:trojan-activity;sid:84428149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565050)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/localxml.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565050/; classtype:trojan-activity;sid:84428150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565051)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565051/; classtype:trojan-activity;sid:84428151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565048)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565048/; classtype:trojan-activity;sid:84428148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565044)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565044/; classtype:trojan-activity;sid:84428144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565043)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565043/; classtype:trojan-activity;sid:84428143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565040)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/servacpt/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565040/; classtype:trojan-activity;sid:84428140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565035)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565035/; classtype:trojan-activity;sid:84428135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565034)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565034/; classtype:trojan-activity;sid:84428134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565030)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/action/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565030/; classtype:trojan-activity;sid:84428130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565029)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565029/; classtype:trojan-activity;sid:84428129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565024)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565024/; classtype:trojan-activity;sid:84428124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565017)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/client/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565017/; classtype:trojan-activity;sid:84428117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565018)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565018/; classtype:trojan-activity;sid:84428118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565016)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565016/; classtype:trojan-activity;sid:84428116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565015)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565015/; classtype:trojan-activity;sid:84428115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565014)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/dao/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565014/; classtype:trojan-activity;sid:84428114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565008)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/interceptor/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565008/; classtype:trojan-activity;sid:84428108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565009)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/plugin/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565009/; classtype:trojan-activity;sid:84428109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565010)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565010/; classtype:trojan-activity;sid:84428110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565011)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565011/; classtype:trojan-activity;sid:84428111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565004)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565004/; classtype:trojan-activity;sid:84428104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565001)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565001/; classtype:trojan-activity;sid:84428101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564999)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564999/; classtype:trojan-activity;sid:84428099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564992)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564992/; classtype:trojan-activity;sid:84428092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564993)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564993/; classtype:trojan-activity;sid:84428093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564990)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564990/; classtype:trojan-activity;sid:84428090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564988)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564988/; classtype:trojan-activity;sid:84428088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564986)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/wss/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564986/; classtype:trojan-activity;sid:84428086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564985)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564985/; classtype:trojan-activity;sid:84428085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564984)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564984/; classtype:trojan-activity;sid:84428084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564983)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564983/; classtype:trojan-activity;sid:84428083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564980)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/exception/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564980/; classtype:trojan-activity;sid:84428080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564979)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564979/; classtype:trojan-activity;sid:84428079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564977)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564977/; classtype:trojan-activity;sid:84428077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564975)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564975/; classtype:trojan-activity;sid:84428075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564976)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564976/; classtype:trojan-activity;sid:84428076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564974)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/impl/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564974/; classtype:trojan-activity;sid:84428074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564972)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564972/; classtype:trojan-activity;sid:84428072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564971)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/localxml.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564971/; classtype:trojan-activity;sid:84428071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564969)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564969/; classtype:trojan-activity;sid:84428069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564968)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564968/; classtype:trojan-activity;sid:84428068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564966)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564966/; classtype:trojan-activity;sid:84428066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564965)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564965/; classtype:trojan-activity;sid:84428065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564964)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564964/; classtype:trojan-activity;sid:84428064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564960)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564960/; classtype:trojan-activity;sid:84428060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564961)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564961/; classtype:trojan-activity;sid:84428061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564958)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564958/; classtype:trojan-activity;sid:84428058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564957)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564957/; classtype:trojan-activity;sid:84428057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564956)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564956/; classtype:trojan-activity;sid:84428056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564953)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564953/; classtype:trojan-activity;sid:84428053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564948)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/impl/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564948/; classtype:trojan-activity;sid:84428048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564949)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564949/; classtype:trojan-activity;sid:84428049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564944)"; flow:established,from_client; content:"GET"; http_method; content:"/2345downloads/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564944/; classtype:trojan-activity;sid:84428044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564937)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/lib/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564937/; classtype:trojan-activity;sid:84428037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564938)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564938/; classtype:trojan-activity;sid:84428038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564939)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/impl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564939/; classtype:trojan-activity;sid:84428039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564940)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/record/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564940/; classtype:trojan-activity;sid:84428040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564935)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564935/; classtype:trojan-activity;sid:84428035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564936)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564936/; classtype:trojan-activity;sid:84428036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564931)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564931/; classtype:trojan-activity;sid:84428031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564927)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/nvrsetting/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564927/; classtype:trojan-activity;sid:84428027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564925)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/_notes/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564925/; classtype:trojan-activity;sid:84428025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564926)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/system/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564926/; classtype:trojan-activity;sid:84428026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564924)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564924/; classtype:trojan-activity;sid:84428024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564920)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564920/; classtype:trojan-activity;sid:84428020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564908)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564908/; classtype:trojan-activity;sid:84428008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564909)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564909/; classtype:trojan-activity;sid:84428009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564906)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/lib/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564906/; classtype:trojan-activity;sid:84428006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564903)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564903/; classtype:trojan-activity;sid:84428003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564902)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/unusual/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564902/; classtype:trojan-activity;sid:84428002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564900)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564900/; classtype:trojan-activity;sid:84428000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564899)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/pub/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564899/; classtype:trojan-activity;sid:84427999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564898)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564898/; classtype:trojan-activity;sid:84427998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564895)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/cyzpdytemp/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564895/; classtype:trojan-activity;sid:84427995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564896)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/systemset/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564896/; classtype:trojan-activity;sid:84427996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564893)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564893/; classtype:trojan-activity;sid:84427993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564894)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564894/; classtype:trojan-activity;sid:84427994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564892)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/util/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564892/; classtype:trojan-activity;sid:84427992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564888)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564888/; classtype:trojan-activity;sid:84427988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564889)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/nvr/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564889/; classtype:trojan-activity;sid:84427989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564882)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564882/; classtype:trojan-activity;sid:84427982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564883)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/cksy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564883/; classtype:trojan-activity;sid:84427983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564881)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564881/; classtype:trojan-activity;sid:84427981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564878)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/tomcat8.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564878/; classtype:trojan-activity;sid:84427978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564876)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564876/; classtype:trojan-activity;sid:84427976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564874)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564874/; classtype:trojan-activity;sid:84427974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564871)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/dao/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564871/; classtype:trojan-activity;sid:84427971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564866)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564866/; classtype:trojan-activity;sid:84427966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564861)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564861/; classtype:trojan-activity;sid:84427961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564862)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564862/; classtype:trojan-activity;sid:84427962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564863)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564863/; classtype:trojan-activity;sid:84427963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564858)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/vehicleinformation/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564858/; classtype:trojan-activity;sid:84427958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564859)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/logs/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564859/; classtype:trojan-activity;sid:84427959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564855)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/entity/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564855/; classtype:trojan-activity;sid:84427955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564852)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564852/; classtype:trojan-activity;sid:84427952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564850)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564850/; classtype:trojan-activity;sid:84427950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564849)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564849/; classtype:trojan-activity;sid:84427949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564847)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564847/; classtype:trojan-activity;sid:84427947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564845)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564845/; classtype:trojan-activity;sid:84427945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564844)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/szclient/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564844/; classtype:trojan-activity;sid:84427944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564838)"; flow:established,from_client; content:"GET"; http_method; content:"/futai/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564838/; classtype:trojan-activity;sid:84427938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564839)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564839/; classtype:trojan-activity;sid:84427939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564832)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564832/; classtype:trojan-activity;sid:84427932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564819)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564819/; classtype:trojan-activity;sid:84427919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564820)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564820/; classtype:trojan-activity;sid:84427920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564821)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dto/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564821/; classtype:trojan-activity;sid:84427921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564822)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564822/; classtype:trojan-activity;sid:84427922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564823)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564823/; classtype:trojan-activity;sid:84427923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564809)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/jurisdict/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564809/; classtype:trojan-activity;sid:84427909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564810)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564810/; classtype:trojan-activity;sid:84427910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564812)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/exception/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564812/; classtype:trojan-activity;sid:84427912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564807)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564807/; classtype:trojan-activity;sid:84427907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564808)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564808/; classtype:trojan-activity;sid:84427908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564804)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dao/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564804/; classtype:trojan-activity;sid:84427904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564801)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564801/; classtype:trojan-activity;sid:84427901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564800)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564800/; classtype:trojan-activity;sid:84427900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564799)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/pub/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564799/; classtype:trojan-activity;sid:84427899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564797)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564797/; classtype:trojan-activity;sid:84427897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564796)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564796/; classtype:trojan-activity;sid:84427896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564794)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564794/; classtype:trojan-activity;sid:84427894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564793)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564793/; classtype:trojan-activity;sid:84427893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564791)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564791/; classtype:trojan-activity;sid:84427891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564787)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564787/; classtype:trojan-activity;sid:84427887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564785)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/pub/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564785/; classtype:trojan-activity;sid:84427885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564783)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564783/; classtype:trojan-activity;sid:84427883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564784)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564784/; classtype:trojan-activity;sid:84427884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564781)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564781/; classtype:trojan-activity;sid:84427881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564782)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/js/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564782/; classtype:trojan-activity;sid:84427882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564780)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564780/; classtype:trojan-activity;sid:84427880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564778)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/web/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564778/; classtype:trojan-activity;sid:84427878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564777)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564777/; classtype:trojan-activity;sid:84427877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564776)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564776/; classtype:trojan-activity;sid:84427876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564769)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564769/; classtype:trojan-activity;sid:84427869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564770)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/meta-inf/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564770/; classtype:trojan-activity;sid:84427870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564771)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564771/; classtype:trojan-activity;sid:84427871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564766)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564766/; classtype:trojan-activity;sid:84427866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564761)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/nvr/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564761/; classtype:trojan-activity;sid:84427861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564760)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564760/; classtype:trojan-activity;sid:84427860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564755)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/meta-inf/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564755/; classtype:trojan-activity;sid:84427855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564756)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564756/; classtype:trojan-activity;sid:84427856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564757/; classtype:trojan-activity;sid:84427857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564753)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/mgr/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564753/; classtype:trojan-activity;sid:84427853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564752)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/action/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564752/; classtype:trojan-activity;sid:84427852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564749)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564749/; classtype:trojan-activity;sid:84427849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564748)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564748/; classtype:trojan-activity;sid:84427848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564747)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564747/; classtype:trojan-activity;sid:84427847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564746)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564746/; classtype:trojan-activity;sid:84427846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564743)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564743/; classtype:trojan-activity;sid:84427843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564739)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/impl/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564739/; classtype:trojan-activity;sid:84427839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564740)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564740/; classtype:trojan-activity;sid:84427840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564737)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564737/; classtype:trojan-activity;sid:84427837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564734)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/exception/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564734/; classtype:trojan-activity;sid:84427834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564735)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564735/; classtype:trojan-activity;sid:84427835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564736)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564736/; classtype:trojan-activity;sid:84427836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564731)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564731/; classtype:trojan-activity;sid:84427831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564726)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/download/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564726/; classtype:trojan-activity;sid:84427826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564724)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564724/; classtype:trojan-activity;sid:84427824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564725)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564725/; classtype:trojan-activity;sid:84427825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564720)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/controller/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564720/; classtype:trojan-activity;sid:84427820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564717)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564717/; classtype:trojan-activity;sid:84427817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564718)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564718/; classtype:trojan-activity;sid:84427818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564715)"; flow:established,from_client; content:"GET"; http_method; content:"/xinheyuan/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564715/; classtype:trojan-activity;sid:84427815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564713)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564713/; classtype:trojan-activity;sid:84427813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564711)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564711/; classtype:trojan-activity;sid:84427811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564706)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564706/; classtype:trojan-activity;sid:84427806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564703)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564703/; classtype:trojan-activity;sid:84427803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564704)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564704/; classtype:trojan-activity;sid:84427804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564700)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/mgr/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564700/; classtype:trojan-activity;sid:84427800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564697)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564697/; classtype:trojan-activity;sid:84427797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564693)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564693/; classtype:trojan-activity;sid:84427793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564694)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/icons/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564694/; classtype:trojan-activity;sid:84427794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564685)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564685/; classtype:trojan-activity;sid:84427785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564686)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564686/; classtype:trojan-activity;sid:84427786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564687)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564687/; classtype:trojan-activity;sid:84427787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564681)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564681/; classtype:trojan-activity;sid:84427781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564682)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564682/; classtype:trojan-activity;sid:84427782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564675)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/lib/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564675/; classtype:trojan-activity;sid:84427775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564674)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564674/; classtype:trojan-activity;sid:84427774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564673)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564673/; classtype:trojan-activity;sid:84427773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564672)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/dao/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564672/; classtype:trojan-activity;sid:84427772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564671)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564671/; classtype:trojan-activity;sid:84427771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564669)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564669/; classtype:trojan-activity;sid:84427769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564670)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564670/; classtype:trojan-activity;sid:84427770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564666)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/utils/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564666/; classtype:trojan-activity;sid:84427766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564667)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564667/; classtype:trojan-activity;sid:84427767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564665)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564665/; classtype:trojan-activity;sid:84427765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564659)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564659/; classtype:trojan-activity;sid:84427759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564660)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/spotckeck/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564660/; classtype:trojan-activity;sid:84427760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564653)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564653/; classtype:trojan-activity;sid:84427753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564654)"; flow:established,from_client; content:"GET"; http_method; content:"/hengsheng/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564654/; classtype:trojan-activity;sid:84427754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564655)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564655/; classtype:trojan-activity;sid:84427755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564648)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/impl/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564648/; classtype:trojan-activity;sid:84427748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564644)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564644/; classtype:trojan-activity;sid:84427744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564640)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564640/; classtype:trojan-activity;sid:84427740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564641)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/dao/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564641/; classtype:trojan-activity;sid:84427741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564636)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dto/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564636/; classtype:trojan-activity;sid:84427736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564638)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564638/; classtype:trojan-activity;sid:84427738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564633)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564633/; classtype:trojan-activity;sid:84427733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564634)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564634/; classtype:trojan-activity;sid:84427734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564635)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564635/; classtype:trojan-activity;sid:84427735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564630)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/entity/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564630/; classtype:trojan-activity;sid:84427730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564629)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564629/; classtype:trojan-activity;sid:84427729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564620)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564620/; classtype:trojan-activity;sid:84427720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564621)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564621/; classtype:trojan-activity;sid:84427721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564616)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/web/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564616/; classtype:trojan-activity;sid:84427716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564611)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/web/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564611/; classtype:trojan-activity;sid:84427711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564599)"; flow:established,from_client; content:"GET"; http_method; content:"/guirui/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564599/; classtype:trojan-activity;sid:84427699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564600)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564600/; classtype:trojan-activity;sid:84427700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564601)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564601/; classtype:trojan-activity;sid:84427701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564602)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/action/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564602/; classtype:trojan-activity;sid:84427702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564603)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564603/; classtype:trojan-activity;sid:84427703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564597)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dao/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564597/; classtype:trojan-activity;sid:84427697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564598)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564598/; classtype:trojan-activity;sid:84427698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564594)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564594/; classtype:trojan-activity;sid:84427694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564595)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564595/; classtype:trojan-activity;sid:84427695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564596)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564596/; classtype:trojan-activity;sid:84427696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564593)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/annotation/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564593/; classtype:trojan-activity;sid:84427693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564592)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/impl/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564592/; classtype:trojan-activity;sid:84427692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564590)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564590/; classtype:trojan-activity;sid:84427690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564583)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564583/; classtype:trojan-activity;sid:84427683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e6%96%87%e4%bb%b6%e5%a4%b9%20(2)/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564584/; classtype:trojan-activity;sid:84427684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564585)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564585/; classtype:trojan-activity;sid:84427685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564581)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564581/; classtype:trojan-activity;sid:84427681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564578)"; flow:established,from_client; content:"GET"; http_method; content:"/haohua/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564578/; classtype:trojan-activity;sid:84427678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564577)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564577/; classtype:trojan-activity;sid:84427677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564576)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/count/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564576/; classtype:trojan-activity;sid:84427676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564574)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564574/; classtype:trojan-activity;sid:84427674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564575)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564575/; classtype:trojan-activity;sid:84427675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564569)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564569/; classtype:trojan-activity;sid:84427669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564568)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/impl/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564568/; classtype:trojan-activity;sid:84427668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564566)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/system/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564566/; classtype:trojan-activity;sid:84427666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564565)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/chkpt/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564565/; classtype:trojan-activity;sid:84427665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564563)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564563/; classtype:trojan-activity;sid:84427663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564561)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/controller/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564561/; classtype:trojan-activity;sid:84427661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564562)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564562/; classtype:trojan-activity;sid:84427662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564559)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/entity/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564559/; classtype:trojan-activity;sid:84427659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564554)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/lib/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564554/; classtype:trojan-activity;sid:84427654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564542)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564542/; classtype:trojan-activity;sid:84427642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564543)"; flow:established,from_client; content:"GET"; http_method; content:"/kaifa/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564543/; classtype:trojan-activity;sid:84427643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564544)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564544/; classtype:trojan-activity;sid:84427644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564545)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564545/; classtype:trojan-activity;sid:84427645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564539)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564539/; classtype:trojan-activity;sid:84427639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564540)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/viewws/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564540/; classtype:trojan-activity;sid:84427640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564541)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564541/; classtype:trojan-activity;sid:84427641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564538)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/web/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564538/; classtype:trojan-activity;sid:84427638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564534)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564534/; classtype:trojan-activity;sid:84427634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564535)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564535/; classtype:trojan-activity;sid:84427635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564536)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564536/; classtype:trojan-activity;sid:84427636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564537)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564537/; classtype:trojan-activity;sid:84427637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564527)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564527/; classtype:trojan-activity;sid:84427627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564528)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564528/; classtype:trojan-activity;sid:84427628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564529)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/web/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564529/; classtype:trojan-activity;sid:84427629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564526)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/poifiles/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564526/; classtype:trojan-activity;sid:84427626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564522)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/report/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564522/; classtype:trojan-activity;sid:84427622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564521)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dao/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564521/; classtype:trojan-activity;sid:84427621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564519)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564519/; classtype:trojan-activity;sid:84427619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564518)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/entity/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564518/; classtype:trojan-activity;sid:84427618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564515)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564515/; classtype:trojan-activity;sid:84427615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564514)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/action/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564514/; classtype:trojan-activity;sid:84427614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564509)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564509/; classtype:trojan-activity;sid:84427609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564500)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564500/; classtype:trojan-activity;sid:84427600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564502)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564502/; classtype:trojan-activity;sid:84427602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564498)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564498/; classtype:trojan-activity;sid:84427598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564499)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/dept/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564499/; classtype:trojan-activity;sid:84427599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564497)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564497/; classtype:trojan-activity;sid:84427597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563547)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563547/; classtype:trojan-activity;sid:84426647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563546)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563546/; classtype:trojan-activity;sid:84426646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563543)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/img001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563543/; classtype:trojan-activity;sid:84426643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563544)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563544/; classtype:trojan-activity;sid:84426644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563545)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563545/; classtype:trojan-activity;sid:84426645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563540)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563540/; classtype:trojan-activity;sid:84426640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563541)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/conn/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563541/; classtype:trojan-activity;sid:84426641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563542)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563542/; classtype:trojan-activity;sid:84426642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563535)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/fonts/img001.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563535/; classtype:trojan-activity;sid:84426635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563536)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/dist/css/img001.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563536/; classtype:trojan-activity;sid:84426636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563539)"; flow:established,from_client; content:"GET"; http_method; content:"/aspjpeg_setup%e5%9b%be%e7%89%87%e5%a4%84%e7%90%86%e7%bb%84%e4%bb%b6/img001.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563539/; classtype:trojan-activity;sid:84426639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563533)"; flow:established,from_client; content:"GET"; http_method; content:"/iis/css/img001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563533/; classtype:trojan-activity;sid:84426633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563449)"; flow:established,from_client; content:"GET"; http_method; content:"/evil.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.158.33.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563449/; classtype:trojan-activity;sid:84426549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563446)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.206.214.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563446/; classtype:trojan-activity;sid:84426546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563444)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563444/; classtype:trojan-activity;sid:84426544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563445)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.33.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563445/; classtype:trojan-activity;sid:84426545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563441)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563441/; classtype:trojan-activity;sid:84426541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563442)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563442/; classtype:trojan-activity;sid:84426542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563435)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563435/; classtype:trojan-activity;sid:84426535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563438)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.251.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563438/; classtype:trojan-activity;sid:84426538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563439)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.24.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563439/; classtype:trojan-activity;sid:84426539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563440)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.78.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563440/; classtype:trojan-activity;sid:84426540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563432)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563432/; classtype:trojan-activity;sid:84426532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563433)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.207.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563433/; classtype:trojan-activity;sid:84426533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563429)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.24.81.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563429/; classtype:trojan-activity;sid:84426529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563425)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563425/; classtype:trojan-activity;sid:84426525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563426)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"123.207.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563426/; classtype:trojan-activity;sid:84426526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563427)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.251.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563427/; classtype:trojan-activity;sid:84426527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563416)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.220.78.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563416/; classtype:trojan-activity;sid:84426516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563417)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"101.33.243.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563417/; classtype:trojan-activity;sid:84426517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563418)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563418/; classtype:trojan-activity;sid:84426518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563420)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"123.206.214.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563420/; classtype:trojan-activity;sid:84426520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563424)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563424/; classtype:trojan-activity;sid:84426524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563388)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563388/; classtype:trojan-activity;sid:84426488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563389)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.178.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563389/; classtype:trojan-activity;sid:84426489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563386)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.242.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563386/; classtype:trojan-activity;sid:84426486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563384)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563384/; classtype:trojan-activity;sid:84426484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563382)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.163.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563382/; classtype:trojan-activity;sid:84426482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563380)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563380/; classtype:trojan-activity;sid:84426480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563381)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563381/; classtype:trojan-activity;sid:84426481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563376)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"129.211.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563376/; classtype:trojan-activity;sid:84426476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563374)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.194.199.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563374/; classtype:trojan-activity;sid:84426474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563372)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.138.242.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563372/; classtype:trojan-activity;sid:84426472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563373)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563373/; classtype:trojan-activity;sid:84426473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563369)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563369/; classtype:trojan-activity;sid:84426469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563371)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.52.165.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563371/; classtype:trojan-activity;sid:84426471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563361)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.178.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563361/; classtype:trojan-activity;sid:84426461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563363)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563363/; classtype:trojan-activity;sid:84426463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563364)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563364/; classtype:trojan-activity;sid:84426464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563358)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.29.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563358/; classtype:trojan-activity;sid:84426458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563360)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.183.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563360/; classtype:trojan-activity;sid:84426460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563357)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.211.27.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563357/; classtype:trojan-activity;sid:84426457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563354)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563354/; classtype:trojan-activity;sid:84426454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563348)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.138.163.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563348/; classtype:trojan-activity;sid:84426448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563349)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563349/; classtype:trojan-activity;sid:84426449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563345)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.52.165.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563345/; classtype:trojan-activity;sid:84426445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563343)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563343/; classtype:trojan-activity;sid:84426443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563336)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563336/; classtype:trojan-activity;sid:84426436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563329)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.199.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563329/; classtype:trojan-activity;sid:84426429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563320)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563320/; classtype:trojan-activity;sid:84426420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563323)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.52.183.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563323/; classtype:trojan-activity;sid:84426423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563324)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.29.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563324/; classtype:trojan-activity;sid:84426424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563326)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.112.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563326/; classtype:trojan-activity;sid:84426426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563253)"; flow:established,from_client; content:"GET"; http_method; content:"/gg.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.18.10.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563253/; classtype:trojan-activity;sid:84426353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563080)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testlnk1.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.159.99.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563080/; classtype:trojan-activity;sid:84426180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.200.149.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563068/; classtype:trojan-activity;sid:84426168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562926)"; flow:established,from_client; content:"GET"; http_method; content:"/mar10/wsgidav/archive/refs/heads/master.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3562926/; classtype:trojan-activity;sid:84426026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562803)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-linux-elf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562803/; classtype:trojan-activity;sid:84425903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562785)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562785/; classtype:trojan-activity;sid:84425885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562786)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562786/; classtype:trojan-activity;sid:84425886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562778)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/msglu32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562778/; classtype:trojan-activity;sid:84425878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562768)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/energizertrojan-malware.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562768/; classtype:trojan-activity;sid:84425868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562769)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/advnetcfg.ocx"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562769/; classtype:trojan-activity;sid:84425869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562770)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562770/; classtype:trojan-activity;sid:84425870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562771)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/mssecmgr.ocx"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562771/; classtype:trojan-activity;sid:84425871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562772)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562772/; classtype:trojan-activity;sid:84425872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562774)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/boot32drv.sys"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562774/; classtype:trojan-activity;sid:84425874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562775)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/energizertrojan-malware.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562775/; classtype:trojan-activity;sid:84425875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562766)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/nteps32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562766/; classtype:trojan-activity;sid:84425866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562767)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562767/; classtype:trojan-activity;sid:84425867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562765)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562765/; classtype:trojan-activity;sid:84425865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562763)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/ccalc32.sys"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562763/; classtype:trojan-activity;sid:84425863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562757)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.49.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562757/; classtype:trojan-activity;sid:84425857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562758)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2020-15972/tear-down.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"119.28.140.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562758/; classtype:trojan-activity;sid:84425858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562752)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.29.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562752/; classtype:trojan-activity;sid:84425852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562747)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.48.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562747/; classtype:trojan-activity;sid:84425847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.232.167.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562728/; classtype:trojan-activity;sid:84425828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.83.229.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562709/; classtype:trojan-activity;sid:84425809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562711)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.167.219.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562711/; classtype:trojan-activity;sid:84425811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.31.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562674/; classtype:trojan-activity;sid:84425774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.116.56.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562678/; classtype:trojan-activity;sid:84425778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562662)"; flow:established,from_client; content:"GET"; http_method; content:"/botx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.247.226.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562662/; classtype:trojan-activity;sid:84425762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562661)"; flow:established,from_client; content:"GET"; http_method; content:"/botx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.247.226.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562661/; classtype:trojan-activity;sid:84425761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562600)"; flow:established,from_client; content:"GET"; http_method; content:"/zusyaku/malware-collection-part-2/refs/heads/main/666/666.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562600/; classtype:trojan-activity;sid:84425700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562599)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562599/; classtype:trojan-activity;sid:84425699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562593)"; flow:established,from_client; content:"GET"; http_method; content:"/platinum.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.modernitgen.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562593/; classtype:trojan-activity;sid:84425693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562404)"; flow:established,from_client; content:"GET"; http_method; content:"/live.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562404/; classtype:trojan-activity;sid:84425504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562403)"; flow:established,from_client; content:"GET"; http_method; content:"/uat.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562403/; classtype:trojan-activity;sid:84425503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562166)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.237.122.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3562166/; classtype:trojan-activity;sid:84425266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561991)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-x86_64_windows.7z"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561991/; classtype:trojan-activity;sid:84425091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561989)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561989/; classtype:trojan-activity;sid:84425089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561990)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.tar.gz"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561990/; classtype:trojan-activity;sid:84425090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561988)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-args-x86_64_linux.tar.gz"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561988/; classtype:trojan-activity;sid:84425088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561860)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1746669868_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.yz.tcdnos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561860/; classtype:trojan-activity;sid:84424960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561859)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747308966_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561859/; classtype:trojan-activity;sid:84424959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561858)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747209335_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561858/; classtype:trojan-activity;sid:84424958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561857)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747732120_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561857/; classtype:trojan-activity;sid:84424957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561856)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747640975_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561856/; classtype:trojan-activity;sid:84424956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561839)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/drss/drbw.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"124.223.105.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561839/; classtype:trojan-activity;sid:84424939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561730)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-doc.doc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561730/; classtype:trojan-activity;sid:84424830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561731)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-excel.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561731/; classtype:trojan-activity;sid:84424831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561727)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561727/; classtype:trojan-activity;sid:84424827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561729)"; flow:established,from_client; content:"GET"; http_method; content:"/mlwr/mlav-ms-exe.exe.000"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"161.132.50.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561729/; classtype:trojan-activity;sid:84424829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561639)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"123.232.43.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_12; reference:url, urlhaus.abuse.ch/url/3561639/; classtype:trojan-activity;sid:84424739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561267)"; flow:established,from_client; content:"GET"; http_method; content:"/b12c87cb-d08b-43f6-abbd-11e7f745c9c1/orderlist.js"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ucarecdn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_12; reference:url, urlhaus.abuse.ch/url/3561267/; classtype:trojan-activity;sid:84424367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561086)"; flow:established,from_client; content:"GET"; http_method; content:"/zbsm.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561086/; classtype:trojan-activity;sid:84424186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561082)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jsp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561082/; classtype:trojan-activity;sid:84424182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561083)"; flow:established,from_client; content:"GET"; http_method; content:"/poc.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561083/; classtype:trojan-activity;sid:84424183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560955)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.46.212.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560955/; classtype:trojan-activity;sid:84424055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.88.234.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560938/; classtype:trojan-activity;sid:84424038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560550)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.tar.gz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560550/; classtype:trojan-activity;sid:84423650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560546)"; flow:established,from_client; content:"GET"; http_method; content:"/setup_c3pool_miner.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"14.103.234.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560546/; classtype:trojan-activity;sid:84423646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560462)"; flow:established,from_client; content:"GET"; http_method; content:"/setup/terminal.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vip.3a9.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560462/; classtype:trojan-activity;sid:84423562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560460)"; flow:established,from_client; content:"GET"; http_method; content:"/yc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560460/; classtype:trojan-activity;sid:84423560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560453)"; flow:established,from_client; content:"GET"; http_method; content:"/annym1/start/main/dnd.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560453/; classtype:trojan-activity;sid:84423553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560452)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/annabelle.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560452/; classtype:trojan-activity;sid:84423552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560449)"; flow:established,from_client; content:"GET"; http_method; content:"/rzm-crack-team/redline-crack/main/redline-crack-by-rzt.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560449/; classtype:trojan-activity;sid:84423549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560445)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/ydrag.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560445/; classtype:trojan-activity;sid:84423545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560439)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/master/loic.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560439/; classtype:trojan-activity;sid:84423539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560434)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/kematian_shellcode.ps1"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560434/; classtype:trojan-activity;sid:84423534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560418)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptowall.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560418/; classtype:trojan-activity;sid:84423518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560419)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560419/; classtype:trojan-activity;sid:84423519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560422)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptolocker.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560422/; classtype:trojan-activity;sid:84423522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560416)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/prolin.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560416/; classtype:trojan-activity;sid:84423516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560412)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.bat"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560412/; classtype:trojan-activity;sid:84423512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560414)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/funbatchcode-malicousandnonmalicous/master/worm.bat"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560414/; classtype:trojan-activity;sid:84423514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560409)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560409/; classtype:trojan-activity;sid:84423509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560410)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflip-op-predictor/main/bloxflip%20predictor.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560410/; classtype:trojan-activity;sid:84423510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560392)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/set-2%20firmware%204.01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"cegelecinfo.fr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560392/; classtype:trojan-activity;sid:84423492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560386)"; flow:established,from_client; content:"GET"; http_method; content:"/_private/me3_setup.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"me3.ne.jp"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560386/; classtype:trojan-activity;sid:84423486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560385)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/pdfconverter_p2w154-zx-666.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560385/; classtype:trojan-activity;sid:84423485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rod_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560380/; classtype:trojan-activity;sid:84423480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rmd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560381/; classtype:trojan-activity;sid:84423481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rxd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560383/; classtype:trojan-activity;sid:84423483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560299)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560299/; classtype:trojan-activity;sid:84423399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560297)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560297/; classtype:trojan-activity;sid:84423397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560209)"; flow:established,from_client; content:"GET"; http_method; content:"/cybertoxin/remcos-professional-cracked-by-alcatraz3222/raw/master/remcos%20professional%20cracked%20by%20alcatraz3222.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560209/; classtype:trojan-activity;sid:84423309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560034)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560034/; classtype:trojan-activity;sid:84423134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560035)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560035/; classtype:trojan-activity;sid:84423135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560036)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560036/; classtype:trojan-activity;sid:84423136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560037)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560037/; classtype:trojan-activity;sid:84423137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560038)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560038/; classtype:trojan-activity;sid:84423138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560039)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560039/; classtype:trojan-activity;sid:84423139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560040)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560040/; classtype:trojan-activity;sid:84423140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560041)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560041/; classtype:trojan-activity;sid:84423141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560042)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560042/; classtype:trojan-activity;sid:84423142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560043)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"205.185.124.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3560043/; classtype:trojan-activity;sid:84423143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559942)"; flow:established,from_client; content:"GET"; http_method; content:"/866.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-1445de8c8aa84761aac5200e0036237d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559942/; classtype:trojan-activity;sid:84423042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559939)"; flow:established,from_client; content:"GET"; http_method; content:"/%c4%a7%be%a7.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"8.138.182.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559939/; classtype:trojan-activity;sid:84423039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.97.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_09; reference:url, urlhaus.abuse.ch/url/3559887/; classtype:trojan-activity;sid:84422987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_08; reference:url, urlhaus.abuse.ch/url/3559327/; classtype:trojan-activity;sid:84422427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559217)"; flow:established,from_client; content:"GET"; http_method; content:"/public/update/bmw_v1.7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"acc.jiangsujiaxue.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559217/; classtype:trojan-activity;sid:84422317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559216)"; flow:established,from_client; content:"GET"; http_method; content:"/classticket.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"class1004.dothome.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559216/; classtype:trojan-activity;sid:84422316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559211)"; flow:established,from_client; content:"GET"; http_method; content:"/static/download/teleport-assist-windows.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"58.49.210.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559211/; classtype:trojan-activity;sid:84422311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559208)"; flow:established,from_client; content:"GET"; http_method; content:"/yx/dts/sqft/904576/yx_dts.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d.14yaa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559208/; classtype:trojan-activity;sid:84422308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559206)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd/services.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.229.135.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559206/; classtype:trojan-activity;sid:84422306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559123)"; flow:established,from_client; content:"GET"; http_method; content:"/nps.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559123/; classtype:trojan-activity;sid:84422223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559040)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/keystone.dll"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559040/; classtype:trojan-activity;sid:84422140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559037)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/sgn.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559037/; classtype:trojan-activity;sid:84422137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559033)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/bsodlogicbomb.ps1"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559033/; classtype:trojan-activity;sid:84422133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559034)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/powersyringe.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559034/; classtype:trojan-activity;sid:84422134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559022)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-reflectivepeinjection.ps1"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559022/; classtype:trojan-activity;sid:84422122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559025)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/pe2shc.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559025/; classtype:trojan-activity;sid:84422125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559019)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/encrypted.enc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559019/; classtype:trojan-activity;sid:84422119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559009)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/masquerade-peb.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559009/; classtype:trojan-activity;sid:84422109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559012)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/uacbstartup.ps1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559012/; classtype:trojan-activity;sid:84422112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559014)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-shellcode-fixed.ps1"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559014/; classtype:trojan-activity;sid:84422114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559015)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/onedoesnotsimplybypassentirewindefender.ps1"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559015/; classtype:trojan-activity;sid:84422115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559005)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/migrate.rb"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559005/; classtype:trojan-activity;sid:84422105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559006)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/base64.rb"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559006/; classtype:trojan-activity;sid:84422106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/bugsoft.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558975/; classtype:trojan-activity;sid:84422075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558976)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/brontok.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558976/; classtype:trojan-activity;sid:84422076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558977)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/zloader.xlsm"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558977/; classtype:trojan-activity;sid:84422077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558973)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/anap.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558973/; classtype:trojan-activity;sid:84422073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558974)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/axam.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558974/; classtype:trojan-activity;sid:84422074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558966)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/emotet.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558966/; classtype:trojan-activity;sid:84422066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558967)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/amus.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558967/; classtype:trojan-activity;sid:84422067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558969)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/rickware/master/rickroll.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558969/; classtype:trojan-activity;sid:84422069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558659)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558659/; classtype:trojan-activity;sid:84421759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558646)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.251.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558646/; classtype:trojan-activity;sid:84421746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558634/; classtype:trojan-activity;sid:84421734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.26.97.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558602/; classtype:trojan-activity;sid:84421702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558504)"; flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"143.92.51.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558504/; classtype:trojan-activity;sid:84421604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558501)"; flow:established,from_client; content:"GET"; http_method; content:"/g7_update.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558501/; classtype:trojan-activity;sid:84421601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558331)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558331/; classtype:trojan-activity;sid:84421431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558302)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/amsibypass/main/newamsibypass.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558302/; classtype:trojan-activity;sid:84421402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558300)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/link-exe-test/main/matthew.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558300/; classtype:trojan-activity;sid:84421400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558295)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558295/; classtype:trojan-activity;sid:84421395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558290)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/urbanvpn.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558290/; classtype:trojan-activity;sid:84421390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558291)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/svhost.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558291/; classtype:trojan-activity;sid:84421391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558292)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558292/; classtype:trojan-activity;sid:84421392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558289)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittieobf/main/invoke-nicelittlekittieobf.ps1"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558289/; classtype:trojan-activity;sid:84421389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558285)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/pvp.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558285/; classtype:trojan-activity;sid:84421385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558287)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/darwin.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558287/; classtype:trojan-activity;sid:84421387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558280)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-dropper/main/src/main.rs"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558280/; classtype:trojan-activity;sid:84421380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558271)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/bin/x64/release/phantom.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558271/; classtype:trojan-activity;sid:84421371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558266)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-shell/main/reverse.ps1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558266/; classtype:trojan-activity;sid:84421366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558264)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/iso-file-testing/main/pleaserunme.iso"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558264/; classtype:trojan-activity;sid:84421364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558260)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac64.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558260/; classtype:trojan-activity;sid:84421360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558252)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558252/; classtype:trojan-activity;sid:84421352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558247)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/riende.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558247/; classtype:trojan-activity;sid:84421347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558249)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac.dll"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558249/; classtype:trojan-activity;sid:84421349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558243)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittie/main/invoke-nicelittlekittie.ps1"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558243/; classtype:trojan-activity;sid:84421343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558235)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload_encrypted.bin"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558235/; classtype:trojan-activity;sid:84421335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558237)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/meter/main/meter5555.ps1"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558237/; classtype:trojan-activity;sid:84421337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558229)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/js-file-test/main/loader.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558229/; classtype:trojan-activity;sid:84421329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558230)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-revshell/main/src/main.rs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558230/; classtype:trojan-activity;sid:84421330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/ll/hta/f.het"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.messias.org.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558205/; classtype:trojan-activity;sid:84421305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556803)"; flow:established,from_client; content:"GET"; http_method; content:"/qcojt/logs.ldk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"classroomseven.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556803/; classtype:trojan-activity;sid:84419903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556779)"; flow:established,from_client; content:"GET"; http_method; content:"/qcojt/logs.ldr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"classroomseven.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556779/; classtype:trojan-activity;sid:84419879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556612)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556612/; classtype:trojan-activity;sid:84419712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.13.136.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_02; reference:url, urlhaus.abuse.ch/url/3556322/; classtype:trojan-activity;sid:84419422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.177.84.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_01; reference:url, urlhaus.abuse.ch/url/3555991/; classtype:trojan-activity;sid:84419091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555900)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin2.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555900/; classtype:trojan-activity;sid:84419000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555899)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin3.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555899/; classtype:trojan-activity;sid:84418999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555898)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin4.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555898/; classtype:trojan-activity;sid:84418998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555897)"; flow:established,from_client; content:"GET"; http_method; content:"/plugin1.plg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xai830k.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_31; reference:url, urlhaus.abuse.ch/url/3555897/; classtype:trojan-activity;sid:84418997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555717)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.85.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555717/; classtype:trojan-activity;sid:84418817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.202.153.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555694/; classtype:trojan-activity;sid:84418794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.40.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555475/; classtype:trojan-activity;sid:84418575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.30.208.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555470/; classtype:trojan-activity;sid:84418570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.78.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_30; reference:url, urlhaus.abuse.ch/url/3555465/; classtype:trojan-activity;sid:84418565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555397)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555397/; classtype:trojan-activity;sid:84418497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555395)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555395/; classtype:trojan-activity;sid:84418495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555396)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555396/; classtype:trojan-activity;sid:84418496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555394)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555394/; classtype:trojan-activity;sid:84418494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555393)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555393/; classtype:trojan-activity;sid:84418493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555392)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555392/; classtype:trojan-activity;sid:84418492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555391)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555391/; classtype:trojan-activity;sid:84418491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555390)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555390/; classtype:trojan-activity;sid:84418490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555389)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555389/; classtype:trojan-activity;sid:84418489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555388)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555388/; classtype:trojan-activity;sid:84418488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555371)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp1000gbps.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.250.228.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555371/; classtype:trojan-activity;sid:84418471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555192)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/raw/refs/heads/master/ransomware/wannacry.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555192/; classtype:trojan-activity;sid:84418292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.202.153.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555132/; classtype:trojan-activity;sid:84418232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.214.55.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555014/; classtype:trojan-activity;sid:84418114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.199.86.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555017/; classtype:trojan-activity;sid:84418117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.135.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555012/; classtype:trojan-activity;sid:84418112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.90.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555005/; classtype:trojan-activity;sid:84418105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554430)"; flow:established,from_client; content:"GET"; http_method; content:"/rate.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554430/; classtype:trojan-activity;sid:84417530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554345)"; flow:established,from_client; content:"GET"; http_method; content:"/rats.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554345/; classtype:trojan-activity;sid:84417445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554334)"; flow:established,from_client; content:"GET"; http_method; content:"/oste.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554334/; classtype:trojan-activity;sid:84417434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553636)"; flow:established,from_client; content:"GET"; http_method; content:"/bufs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"maidforyou1985.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553636/; classtype:trojan-activity;sid:84416736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553631)"; flow:established,from_client; content:"GET"; http_method; content:"/zsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553631/; classtype:trojan-activity;sid:84416731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553633)"; flow:established,from_client; content:"GET"; http_method; content:"/osxs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553633/; classtype:trojan-activity;sid:84416733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553634)"; flow:established,from_client; content:"GET"; http_method; content:"/fste.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553634/; classtype:trojan-activity;sid:84416734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553619)"; flow:established,from_client; content:"GET"; http_method; content:"/fsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553619/; classtype:trojan-activity;sid:84416719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553609)"; flow:established,from_client; content:"GET"; http_method; content:"/rars.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553609/; classtype:trojan-activity;sid:84416709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.125.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553170/; classtype:trojan-activity;sid:84416270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.79.175.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553167/; classtype:trojan-activity;sid:84416267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3553026/; classtype:trojan-activity;sid:84416126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552816/; classtype:trojan-activity;sid:84415916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552757/; classtype:trojan-activity;sid:84415857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.251.84.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552753/; classtype:trojan-activity;sid:84415853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552725)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.76.252.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552725/; classtype:trojan-activity;sid:84415825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552617)"; flow:established,from_client; content:"GET"; http_method; content:"/bre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.74.204.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552617/; classtype:trojan-activity;sid:84415717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552613)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.79.175.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552613/; classtype:trojan-activity;sid:84415713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552086)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.176.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_25; reference:url, urlhaus.abuse.ch/url/3552086/; classtype:trojan-activity;sid:84415186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552045)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/refs/heads/main/silent%20miner.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552045/; classtype:trojan-activity;sid:84415145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552042)"; flow:established,from_client; content:"GET"; http_method; content:"/waf/dracula-cmd/master/dist/colortool.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552042/; classtype:trojan-activity;sid:84415142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552043)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsysadmin/setteamsbg/main/set-teams-backgrounds.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552043/; classtype:trojan-activity;sid:84415143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552009)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/raw/refs/heads/main/silent%20miner.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552009/; classtype:trojan-activity;sid:84415109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552005)"; flow:established,from_client; content:"GET"; http_method; content:"/alanparadis/stalker2simplemodmerger/releases/download/vortex-v1.4.9/stalker2simplemodmergerforvortex.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552005/; classtype:trojan-activity;sid:84415105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.232.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551953/; classtype:trojan-activity;sid:84415053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551493)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.66.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551493/; classtype:trojan-activity;sid:84414593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.15.250.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551361/; classtype:trojan-activity;sid:84414461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551305)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551305/; classtype:trojan-activity;sid:84414405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550735)"; flow:established,from_client; content:"GET"; http_method; content:"/macmid_sonoma_14_5.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.198.40.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550735/; classtype:trojan-activity;sid:84413835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550710)"; flow:established,from_client; content:"GET"; http_method; content:"/aecheck2.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550710/; classtype:trojan-activity;sid:84413810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.59.90.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550381/; classtype:trojan-activity;sid:84413481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550388)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.238.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550388/; classtype:trojan-activity;sid:84413488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550358)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.119.34.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550358/; classtype:trojan-activity;sid:84413458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550356)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.190.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550356/; classtype:trojan-activity;sid:84413456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.15.250.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550290/; classtype:trojan-activity;sid:84413390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550044)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550044/; classtype:trojan-activity;sid:84413144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550019)"; flow:established,from_client; content:"GET"; http_method; content:"/2023"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.92.48.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550019/; classtype:trojan-activity;sid:84413119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550006)"; flow:established,from_client; content:"GET"; http_method; content:"/3r%bc%bc%ca%f5.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.138.182.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550006/; classtype:trojan-activity;sid:84413106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549998)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549998/; classtype:trojan-activity;sid:84413098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549996)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549996/; classtype:trojan-activity;sid:84413096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.206.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549664/; classtype:trojan-activity;sid:84412764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.87.82.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549645/; classtype:trojan-activity;sid:84412745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.117.172.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549642/; classtype:trojan-activity;sid:84412742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.155"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549627/; classtype:trojan-activity;sid:84412727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549491)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.224.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549491/; classtype:trojan-activity;sid:84412591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.231.111.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3549155/; classtype:trojan-activity;sid:84412255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548988)"; flow:established,from_client; content:"GET"; http_method; content:"/fsps.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jakestrack.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548988/; classtype:trojan-activity;sid:84412088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548647)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548647/; classtype:trojan-activity;sid:84411747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548513)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.56.207.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_21; reference:url, urlhaus.abuse.ch/url/3548513/; classtype:trojan-activity;sid:84411613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548058)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-pc/stikpille.psp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"artacom.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548058/; classtype:trojan-activity;sid:84411158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548057)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-pc/qsllcxnogwi52.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"artacom.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548057/; classtype:trojan-activity;sid:84411157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548023/; classtype:trojan-activity;sid:84411123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548015)"; flow:established,from_client; content:"GET"; http_method; content:"/acheck3.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548015/; classtype:trojan-activity;sid:84411115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3548001)"; flow:established,from_client; content:"GET"; http_method; content:"/atata.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"khavar.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3548001/; classtype:trojan-activity;sid:84411101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547880)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ed2w0zvvx53_mfifdszyslleurub40zo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547880/; classtype:trojan-activity;sid:84410980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.84.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547784/; classtype:trojan-activity;sid:84410884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547782)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.98.176.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547782/; classtype:trojan-activity;sid:84410882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547420)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.212.166.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3547420/; classtype:trojan-activity;sid:84410520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.236.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546969/; classtype:trojan-activity;sid:84410069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.2.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_18; reference:url, urlhaus.abuse.ch/url/3546411/; classtype:trojan-activity;sid:84409511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.247.124.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545468/; classtype:trojan-activity;sid:84408568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.95.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545469/; classtype:trojan-activity;sid:84408569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.228.153.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_17; reference:url, urlhaus.abuse.ch/url/3545464/; classtype:trojan-activity;sid:84408564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545216)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/zip.log"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545216/; classtype:trojan-activity;sid:84408316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545217)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/tax.pdf"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545217/; classtype:trojan-activity;sid:84408317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3545213)"; flow:established,from_client; content:"GET"; http_method; content:"/b33b49c5-5e3d-4a33-b66b-c719b917fa62/txjyh.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3545213/; classtype:trojan-activity;sid:84408313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544992)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nk/wunbbnvf102.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"planetariumobil.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544992/; classtype:trojan-activity;sid:84408092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.204.62.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544460/; classtype:trojan-activity;sid:84407560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544437/; classtype:trojan-activity;sid:84407537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"screen.connectprotocol.es"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3544014/; classtype:trojan-activity;sid:84407114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543803/; classtype:trojan-activity;sid:84406903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543805)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543805/; classtype:trojan-activity;sid:84406905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543801)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543801/; classtype:trojan-activity;sid:84406901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543432)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.32.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543432/; classtype:trojan-activity;sid:84406532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.50.222.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543392/; classtype:trojan-activity;sid:84406492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3542563)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wvxiyf_ryvgg_x3x7uceicqrndhb7lul"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_13; reference:url, urlhaus.abuse.ch/url/3542563/; classtype:trojan-activity;sid:84405663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541826)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/giphy.gif"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"onfiltre.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_12; reference:url, urlhaus.abuse.ch/url/3541826/; classtype:trojan-activity;sid:84404926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541487)"; flow:established,from_client; content:"GET"; http_method; content:"/download/uninstall.sh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"update.aegis.aliyun.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541487/; classtype:trojan-activity;sid:84404587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541486)"; flow:established,from_client; content:"GET"; http_method; content:"/download/quartz_uninstall.sh"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"update.aegis.aliyun.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541486/; classtype:trojan-activity;sid:84404586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.63.149.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541432/; classtype:trojan-activity;sid:84404532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540931)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3540931/; classtype:trojan-activity;sid:84404031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.249.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540515/; classtype:trojan-activity;sid:84403615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540217)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.134.51.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540217/; classtype:trojan-activity;sid:84403317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.52.241.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540188/; classtype:trojan-activity;sid:84403288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540085)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/pax.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540085/; classtype:trojan-activity;sid:84403185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.56.207.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539811/; classtype:trojan-activity;sid:84402911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539735)"; flow:established,from_client; content:"GET"; http_method; content:"/xostes.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.surethinks.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539735/; classtype:trojan-activity;sid:84402835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539686)"; flow:established,from_client; content:"GET"; http_method; content:"/js_bo/werkstastt/shotstar.prm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.silver-hubdachwohnwagen.de"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539686/; classtype:trojan-activity;sid:84402786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539354)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.218.225.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539354/; classtype:trojan-activity;sid:84402454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.160.75.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539035/; classtype:trojan-activity;sid:84402135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539028/; classtype:trojan-activity;sid:84402128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538764)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538764/; classtype:trojan-activity;sid:84401864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538763/; classtype:trojan-activity;sid:84401863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538762/; classtype:trojan-activity;sid:84401862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538761)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538761/; classtype:trojan-activity;sid:84401861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538754/; classtype:trojan-activity;sid:84401854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538755/; classtype:trojan-activity;sid:84401855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538747/; classtype:trojan-activity;sid:84401847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538741/; classtype:trojan-activity;sid:84401841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538744)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538744/; classtype:trojan-activity;sid:84401844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.210.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538671/; classtype:trojan-activity;sid:84401771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538670/; classtype:trojan-activity;sid:84401770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538179)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538179/; classtype:trojan-activity;sid:84401279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537744)"; flow:established,from_client; content:"GET"; http_method; content:"/dfffrf/dfdf/downloads/notificaci%c3%b3n_demanda_virtual_juzgado_09_de_circuito_de_bogot%c3%a1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537744/; classtype:trojan-activity;sid:84400844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537710)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wex.gif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stonecradle.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537710/; classtype:trojan-activity;sid:84400810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537561)"; flow:established,from_client; content:"GET"; http_method; content:"/sansebas/sdsd/downloads/01citaci%c3%b3n_personal_demanda_virtual_juzgado_penal_de_circuito_de.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537561/; classtype:trojan-activity;sid:84400661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536070)"; flow:established,from_client; content:"GET"; http_method; content:"/dl202"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536070/; classtype:trojan-activity;sid:84399170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.157.195.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536030/; classtype:trojan-activity;sid:84399130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.182.123.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536025/; classtype:trojan-activity;sid:84399125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535453)"; flow:established,from_client; content:"GET"; http_method; content:"/4492/e569abd317d7e5f7a39d4af364fe6376/sorandaru2015.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535453/; classtype:trojan-activity;sid:84398553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535256/; classtype:trojan-activity;sid:84398356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3535078)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.182.123.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_05; reference:url, urlhaus.abuse.ch/url/3535078/; classtype:trojan-activity;sid:84398178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534886/; classtype:trojan-activity;sid:84397986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.249.142.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534191/; classtype:trojan-activity;sid:84397291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.78.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533772/; classtype:trojan-activity;sid:84396872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.109.11.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533773/; classtype:trojan-activity;sid:84396873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.188.92.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533769/; classtype:trojan-activity;sid:84396869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.76.252.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533753/; classtype:trojan-activity;sid:84396853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533582)"; flow:established,from_client; content:"GET"; http_method; content:"/kokotpycauholica/ultraundetecteddrv/refs/heads/main/hbvtmbp46iieehp1.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533582/; classtype:trojan-activity;sid:84396682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532985)"; flow:established,from_client; content:"GET"; http_method; content:"/dl201"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532985/; classtype:trojan-activity;sid:84396085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532847)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532847/; classtype:trojan-activity;sid:84395947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532848/; classtype:trojan-activity;sid:84395948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532849/; classtype:trojan-activity;sid:84395949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.76.101.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532833/; classtype:trojan-activity;sid:84395933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532827)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532827/; classtype:trojan-activity;sid:84395927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532726)"; flow:established,from_client; content:"GET"; http_method; content:"/2294/7a43bb4cf6c57229b02a9604a1f4614e/skidmore1966.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532726/; classtype:trojan-activity;sid:84395826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532282)"; flow:established,from_client; content:"GET"; http_method; content:"/dl200"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532282/; classtype:trojan-activity;sid:84395382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531990/; classtype:trojan-activity;sid:84395090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.81.58.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531992/; classtype:trojan-activity;sid:84395092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.88.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531994/; classtype:trojan-activity;sid:84395094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.119.203.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531984/; classtype:trojan-activity;sid:84395084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.168.60.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531986/; classtype:trojan-activity;sid:84395086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.255.22.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531972/; classtype:trojan-activity;sid:84395072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.58.146.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531974/; classtype:trojan-activity;sid:84395074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.15.96.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531975/; classtype:trojan-activity;sid:84395075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531643)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.188.92.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531643/; classtype:trojan-activity;sid:84394743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531576)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.210.178.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531576/; classtype:trojan-activity;sid:84394676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531323)"; flow:established,from_client; content:"GET"; http_method; content:"/zc3.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531323/; classtype:trojan-activity;sid:84394423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531322)"; flow:established,from_client; content:"GET"; http_method; content:"/zal.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.234.66.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531322/; classtype:trojan-activity;sid:84394422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.51.100.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530894/; classtype:trojan-activity;sid:84393994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530868/; classtype:trojan-activity;sid:84393968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530870)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530870/; classtype:trojan-activity;sid:84393970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530776)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"4393eb8c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530776/; classtype:trojan-activity;sid:84393876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530262)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.153.97.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530262/; classtype:trojan-activity;sid:84393362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530250/; classtype:trojan-activity;sid:84393350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.8.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530248/; classtype:trojan-activity;sid:84393348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.124.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530244/; classtype:trojan-activity;sid:84393344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.42.105.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530241/; classtype:trojan-activity;sid:84393341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530168)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.22.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530168/; classtype:trojan-activity;sid:84393268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.154.79.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530163/; classtype:trojan-activity;sid:84393263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530015)"; flow:established,from_client; content:"GET"; http_method; content:"/pocz/new_image.jpg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"glaustralia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530015/; classtype:trojan-activity;sid:84393115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529937)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"157.255.22.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529937/; classtype:trojan-activity;sid:84393037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529929/; classtype:trojan-activity;sid:84393029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.88.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529930/; classtype:trojan-activity;sid:84393030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529912)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.1.37"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529912/; classtype:trojan-activity;sid:84393012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.76.101.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529907/; classtype:trojan-activity;sid:84393007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.81.58.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529908/; classtype:trojan-activity;sid:84393008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.58.146.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529891/; classtype:trojan-activity;sid:84392991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529895)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.252.11.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529895/; classtype:trojan-activity;sid:84392995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528280)"; flow:established,from_client; content:"GET"; http_method; content:"/mir1ce/hawkeye/releases/download/v0319/hawkeye.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528280/; classtype:trojan-activity;sid:84391380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528279)"; flow:established,from_client; content:"GET"; http_method; content:"/yarahq/yara-forge/releases/latest/download/yara-forge-rules-core.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528279/; classtype:trojan-activity;sid:84391379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528277)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.6.1/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528277/; classtype:trojan-activity;sid:84391377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528171)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831362/alpha.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528171/; classtype:trojan-activity;sid:84391271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528170)"; flow:established,from_client; content:"GET"; http_method; content:"/decalage2/oletools/releases/download/v0.60.2/oletools-0.60.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528170/; classtype:trojan-activity;sid:84391270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528165)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831288/crack.nurik.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528165/; classtype:trojan-activity;sid:84391265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528167)"; flow:established,from_client; content:"GET"; http_method; content:"/firmware/ts2_0001.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.170.254.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528167/; classtype:trojan-activity;sid:84391267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528162)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831450/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528162/; classtype:trojan-activity;sid:84391262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19835739/solarus.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528154/; classtype:trojan-activity;sid:84391254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528128)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc5wezxc/new/main/dllbase64reverse.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528128/; classtype:trojan-activity;sid:84391228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528127)"; flow:established,from_client; content:"GET"; http_method; content:"/androidmalware/android_hid/f25d0234cff288ab8384689685e37b1b4bbaf2ba/test.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528127/; classtype:trojan-activity;sid:84391227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528108)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyadece/v-f/releases/download/1.4.2/vector-fixer-v1.4.2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528108/; classtype:trojan-activity;sid:84391208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528105)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"public.demo.securecloudsandbox.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528105/; classtype:trojan-activity;sid:84391205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528107)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-gif/releases/download/v1.1.0/darts-gif.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528107/; classtype:trojan-activity;sid:84391207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528100)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-pixelit/releases/download/v1.2.2/darts-pixelit.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528100/; classtype:trojan-activity;sid:84391200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528101)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-wled/releases/download/v1.8.1/darts-wled.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528101/; classtype:trojan-activity;sid:84391201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528097)"; flow:established,from_client; content:"GET"; http_method; content:"/harelba/q/releases/download/2.0.19/q-amd64-windows.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528097/; classtype:trojan-activity;sid:84391197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528098)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528098/; classtype:trojan-activity;sid:84391198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.95.183.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527870/; classtype:trojan-activity;sid:84390970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.114.7.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527865/; classtype:trojan-activity;sid:84390965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.181.234.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527850/; classtype:trojan-activity;sid:84390950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527856)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.36.11.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527856/; classtype:trojan-activity;sid:84390956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527814)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527814/; classtype:trojan-activity;sid:84390914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526930)"; flow:established,from_client; content:"GET"; http_method; content:"/verify-sec"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"msoftdatastore.z22.web.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526930/; classtype:trojan-activity;sid:84390030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.228.12.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526868/; classtype:trojan-activity;sid:84389968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526832/; classtype:trojan-activity;sid:84389932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.205.81.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526834/; classtype:trojan-activity;sid:84389934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526857/; classtype:trojan-activity;sid:84389957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525788)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.124.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525788/; classtype:trojan-activity;sid:84388888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.95.183.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525778/; classtype:trojan-activity;sid:84388878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525743)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.57.166.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525743/; classtype:trojan-activity;sid:84388843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525738)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.176.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525738/; classtype:trojan-activity;sid:84388838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525731)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.181.234.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525731/; classtype:trojan-activity;sid:84388831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525292)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.114.7.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525292/; classtype:trojan-activity;sid:84388392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.110.37.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525151/; classtype:trojan-activity;sid:84388251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525074)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.101.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525074/; classtype:trojan-activity;sid:84388174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525009)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525009/; classtype:trojan-activity;sid:84388109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525013/; classtype:trojan-activity;sid:84388113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525021)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.203.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525021/; classtype:trojan-activity;sid:84388121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524811)"; flow:established,from_client; content:"GET"; http_method; content:"/vaxilu/x-ui/releases/latest/download/x-ui-linux-amd64.tar.gz"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524811/; classtype:trojan-activity;sid:84387911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524808)"; flow:established,from_client; content:"GET"; http_method; content:"/teddysun/across/raw/master/bbr.sh"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524808/; classtype:trojan-activity;sid:84387908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ccjlbddgjhpeeff1b1hfkgp3x16c_tj1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524506/; classtype:trojan-activity;sid:84387606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524454)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bpc5z-hv6kosk6artkfmbtsnnwwpdghy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524454/; classtype:trojan-activity;sid:84387554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.219.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523645/; classtype:trojan-activity;sid:84386745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.47.243.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523621/; classtype:trojan-activity;sid:84386721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522943)"; flow:established,from_client; content:"GET"; http_method; content:"/oto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522943/; classtype:trojan-activity;sid:84386043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522876/; classtype:trojan-activity;sid:84385976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.15.202.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522864/; classtype:trojan-activity;sid:84385964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522687)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ltrdqlgcl6smoqujfs1pb2ernzhsbydh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522687/; classtype:trojan-activity;sid:84385787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522201)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/main/ud.bat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522201/; classtype:trojan-activity;sid:84385301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.243.36.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522159/; classtype:trojan-activity;sid:84385259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521407/; classtype:trojan-activity;sid:84384507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521377/; classtype:trojan-activity;sid:84384477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521382/; classtype:trojan-activity;sid:84384482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521372)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521372/; classtype:trojan-activity;sid:84384472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"62.60.226.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521360/; classtype:trojan-activity;sid:84384460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521335)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521335/; classtype:trojan-activity;sid:84384435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521316)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521316/; classtype:trojan-activity;sid:84384416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3521312)"; flow:established,from_client; content:"GET"; http_method; content:"/////bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"62.60.226.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3521312/; classtype:trojan-activity;sid:84384412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.73.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520923/; classtype:trojan-activity;sid:84384023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520366)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-x64.tar.gz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520366/; classtype:trojan-activity;sid:84383466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520082)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.226.241.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520082/; classtype:trojan-activity;sid:84383182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520081)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.43.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520081/; classtype:trojan-activity;sid:84383181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520073)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.63.168.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520073/; classtype:trojan-activity;sid:84383173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520075)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"122.55.206.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520075/; classtype:trojan-activity;sid:84383175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520071)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.156.141.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520071/; classtype:trojan-activity;sid:84383171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520070)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.63.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520070/; classtype:trojan-activity;sid:84383170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.116.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519608/; classtype:trojan-activity;sid:84382708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.229.20.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519584/; classtype:trojan-activity;sid:84382684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.50.168.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519563/; classtype:trojan-activity;sid:84382663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519542)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519542/; classtype:trojan-activity;sid:84382642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519540)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519540/; classtype:trojan-activity;sid:84382640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519529)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519529/; classtype:trojan-activity;sid:84382629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519525)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_image_free.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519525/; classtype:trojan-activity;sid:84382625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519523)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest10.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519523/; classtype:trojan-activity;sid:84382623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519518)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519518/; classtype:trojan-activity;sid:84382618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519521)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest14.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519521/; classtype:trojan-activity;sid:84382621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519514)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest12.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519514/; classtype:trojan-activity;sid:84382614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519515)"; flow:established,from_client; content:"GET"; http_method; content:"/test4.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519515/; classtype:trojan-activity;sid:84382615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519513)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu832.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519513/; classtype:trojan-activity;sid:84382613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519503)"; flow:established,from_client; content:"GET"; http_method; content:"/autoupdate/autoupdate.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"jxhuyhoang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519503/; classtype:trojan-activity;sid:84382603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519491)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"openaigrok.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519491/; classtype:trojan-activity;sid:84382591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519493)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest24.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519493/; classtype:trojan-activity;sid:84382593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519485)"; flow:established,from_client; content:"GET"; http_method; content:"/versions/gestioniccv20.21.8.51/gestionicc.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"icoffeecloud.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519485/; classtype:trojan-activity;sid:84382585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519478)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"innaflux.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519478/; classtype:trojan-activity;sid:84382578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519469)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"60aaf9c6.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519469/; classtype:trojan-activity;sid:84382569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519467)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_map_free.dll"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519467/; classtype:trojan-activity;sid:84382567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519461)"; flow:established,from_client; content:"GET"; http_method; content:"/fv/v1_3_8.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.46.142.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519461/; classtype:trojan-activity;sid:84382561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519464)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/sm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519464/; classtype:trojan-activity;sid:84382564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519458)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest38.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519458/; classtype:trojan-activity;sid:84382558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519459)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/giftorder.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519459/; classtype:trojan-activity;sid:84382559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519456)"; flow:established,from_client; content:"GET"; http_method; content:"/test9.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519456/; classtype:trojan-activity;sid:84382556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519454)"; flow:established,from_client; content:"GET"; http_method; content:"/testpte2.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519454/; classtype:trojan-activity;sid:84382554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519449)"; flow:established,from_client; content:"GET"; http_method; content:"/testwindow.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519449/; classtype:trojan-activity;sid:84382549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519446)"; flow:established,from_client; content:"GET"; http_method; content:"/newchaisupon/vendor/bin/psysh.bat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"99194034-96-20180108171507.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519446/; classtype:trojan-activity;sid:84382546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519442)"; flow:established,from_client; content:"GET"; http_method; content:"/diaclients/doitallmain.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.salonmarketing.ca"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519442/; classtype:trojan-activity;sid:84382542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519443)"; flow:established,from_client; content:"GET"; http_method; content:"/sa0611/systemsa32.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519443/; classtype:trojan-activity;sid:84382543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519430)"; flow:established,from_client; content:"GET"; http_method; content:"/test6.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519430/; classtype:trojan-activity;sid:84382530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519432)"; flow:established,from_client; content:"GET"; http_method; content:"/msedge.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c9791c08-f1e4-4402-9510-d04c13c50ea3.selstorage.ru"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519432/; classtype:trojan-activity;sid:84382532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519429)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pubdata/hpsocket4c.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519429/; classtype:trojan-activity;sid:84382529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519425)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest31.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519425/; classtype:trojan-activity;sid:84382525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519420)"; flow:established,from_client; content:"GET"; http_method; content:"/testdumpall.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519420/; classtype:trojan-activity;sid:84382520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519421)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest11.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519421/; classtype:trojan-activity;sid:84382521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519419)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519419/; classtype:trojan-activity;sid:84382519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519416)"; flow:established,from_client; content:"GET"; http_method; content:"/filea.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519416/; classtype:trojan-activity;sid:84382516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519415)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c3436037.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519415/; classtype:trojan-activity;sid:84382515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519410)"; flow:established,from_client; content:"GET"; http_method; content:"/testpte.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519410/; classtype:trojan-activity;sid:84382510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519408)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519408/; classtype:trojan-activity;sid:84382508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519404)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/updater.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519404/; classtype:trojan-activity;sid:84382504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519392)"; flow:established,from_client; content:"GET"; http_method; content:"/media/video_file/round_setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519392/; classtype:trojan-activity;sid:84382492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519380)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest36.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519380/; classtype:trojan-activity;sid:84382480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519378)"; flow:established,from_client; content:"GET"; http_method; content:"/test5.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519378/; classtype:trojan-activity;sid:84382478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519368)"; flow:established,from_client; content:"GET"; http_method; content:"/r0400/yahoodll.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519368/; classtype:trojan-activity;sid:84382468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519369)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519369/; classtype:trojan-activity;sid:84382469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519354)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/addmefast%20bot.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519354/; classtype:trojan-activity;sid:84382454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519356)"; flow:established,from_client; content:"GET"; http_method; content:"/nircmd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-0478b308b8cf46709a73d0eed5afd633.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519356/; classtype:trojan-activity;sid:84382456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519346)"; flow:established,from_client; content:"GET"; http_method; content:"/test7.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519346/; classtype:trojan-activity;sid:84382446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519347)"; flow:established,from_client; content:"GET"; http_method; content:"/test8.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519347/; classtype:trojan-activity;sid:84382447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519348)"; flow:established,from_client; content:"GET"; http_method; content:"/test1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519348/; classtype:trojan-activity;sid:84382448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519349)"; flow:established,from_client; content:"GET"; http_method; content:"/testmemtest35.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519349/; classtype:trojan-activity;sid:84382449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519092)"; flow:established,from_client; content:"GET"; http_method; content:"/pst.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o24o.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519092/; classtype:trojan-activity;sid:84382192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519084)"; flow:established,from_client; content:"GET"; http_method; content:"/airportbeta/files/foam.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"neirong.funshion.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519084/; classtype:trojan-activity;sid:84382184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519066)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519066/; classtype:trojan-activity;sid:84382166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519063)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519063/; classtype:trojan-activity;sid:84382163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519036)"; flow:established,from_client; content:"GET"; http_method; content:"/tiansys(xp%e4%b8%93%e7%94%a8).exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"fz.tiansys.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519036/; classtype:trojan-activity;sid:84382136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519035)"; flow:established,from_client; content:"GET"; http_method; content:"/disbalancer-project/main/releases/latest/download/disbalancer-go-client-windows-386.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519035/; classtype:trojan-activity;sid:84382135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519032)"; flow:established,from_client; content:"GET"; http_method; content:"/game/ysjyx880.exe|3f|tk=ujyxmzylvzn3utywumy0qwomddmyytozqwo1gdo0qdn852b812bj5cm2mtaopxaixhn1idnzcjm5ytm"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"52mj.susuwei.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519032/; classtype:trojan-activity;sid:84382132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519028)"; flow:established,from_client; content:"GET"; http_method; content:"/uniondown/haozip_tiny.201805.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519028/; classtype:trojan-activity;sid:84382128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519029)"; flow:established,from_client; content:"GET"; http_method; content:"/client/update.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.91.133.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519029/; classtype:trojan-activity;sid:84382129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519027)"; flow:established,from_client; content:"GET"; http_method; content:"/cosmicdevv/icarus-lite/releases/download/v1.1.13/icaruslite-v1.1.13-win.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519027/; classtype:trojan-activity;sid:84382127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519025)"; flow:established,from_client; content:"GET"; http_method; content:"/sebaxakerhtc/rdpwrap/releases/download/v1.8.9.9/rdpw_installer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519025/; classtype:trojan-activity;sid:84382125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519026)"; flow:established,from_client; content:"GET"; http_method; content:"/dax009yt/chilledwindows-gui/releases/download/1.0/chilledwindows.gui.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519026/; classtype:trojan-activity;sid:84382126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519019)"; flow:established,from_client; content:"GET"; http_method; content:"/jackson2323/mohradiant/blob/master/updt.exe|3f|raw=true"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519019/; classtype:trojan-activity;sid:84382119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519020)"; flow:established,from_client; content:"GET"; http_method; content:"/down/pkexu0ytxar3.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"115.159.149.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519020/; classtype:trojan-activity;sid:84382120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519021)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/public_file/relogintool.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.238.238.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519021/; classtype:trojan-activity;sid:84382121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519016)"; flow:established,from_client; content:"GET"; http_method; content:"/bol-van/zapret/releases/download/v70.6/zapret-v70.6.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519016/; classtype:trojan-activity;sid:84382116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519012)"; flow:established,from_client; content:"GET"; http_method; content:"/boyo3473/irack/releases/download/idk/load.driver.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519012/; classtype:trojan-activity;sid:84382112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518999)"; flow:established,from_client; content:"GET"; http_method; content:"/2590057.s21d-2.faiusrd.com/0/abuiabblgaagytxhtauo1pck0ge.exe|3f|f=ghost%e7%bd%91%e5%85%8b%e9%9a%86%e6%a3%80%e6%b5%8b%e5%b7%a5%e5%85%b7.exe|7c|26|7c|v=1452829385|7c|26|7c|wsiphost=local|7c|26|7c|wsrid_tag=61c52eb2_psmgzjgord1de87_17635-16713"; http_uri; depth:241; isdataat:!1,relative; nocase; content:"157.185.170.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518999/; classtype:trojan-activity;sid:84382099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519000)"; flow:established,from_client; content:"GET"; http_method; content:"/vexcentry/vex/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519000/; classtype:trojan-activity;sid:84382100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518861)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518861/; classtype:trojan-activity;sid:84381961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518860)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518860/; classtype:trojan-activity;sid:84381960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.39.181.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_19; reference:url, urlhaus.abuse.ch/url/3518308/; classtype:trojan-activity;sid:84381408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517053)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517053/; classtype:trojan-activity;sid:84380153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517040)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517040/; classtype:trojan-activity;sid:84380140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516658)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516658/; classtype:trojan-activity;sid:84379758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.219.49.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516584/; classtype:trojan-activity;sid:84379684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516107)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516107/; classtype:trojan-activity;sid:84379207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515966)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"84.21.172.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515966/; classtype:trojan-activity;sid:84379066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515950)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.208.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515950/; classtype:trojan-activity;sid:84379050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515947)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.28.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515947/; classtype:trojan-activity;sid:84379047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515937)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.28.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515937/; classtype:trojan-activity;sid:84379037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515938)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"129.204.254.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515938/; classtype:trojan-activity;sid:84379038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515905)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.74.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515905/; classtype:trojan-activity;sid:84379005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514570)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hrp9lnasbplclnhppp1abwb1uwv4kdvs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514570/; classtype:trojan-activity;sid:84377670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514066)"; flow:established,from_client; content:"GET"; http_method; content:"/nkminash/my-codd/raw/896d806a9b4569c9c3a275f200ebe7d2ecec5702/snd16061.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514066/; classtype:trojan-activity;sid:84377166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.19.57.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513496/; classtype:trojan-activity;sid:84376596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3513251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin//support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:78; isdataat:!1,relative; nocase; content:"45.88.186.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_16; reference:url, urlhaus.abuse.ch/url/3513251/; classtype:trojan-activity;sid:84376351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511783)"; flow:established,from_client; content:"GET"; http_method; content:"/ghdsdcbn124.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.khavar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_15; reference:url, urlhaus.abuse.ch/url/3511783/; classtype:trojan-activity;sid:84374883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3511286)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.91.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3511286/; classtype:trojan-activity;sid:84374386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510901)"; flow:established,from_client; content:"GET"; http_method; content:"/dl16"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510901/; classtype:trojan-activity;sid:84374001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.25.8.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510839/; classtype:trojan-activity;sid:84373939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510830)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.200.94.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510830/; classtype:trojan-activity;sid:84373930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510726)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510726/; classtype:trojan-activity;sid:84373826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510727)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510727/; classtype:trojan-activity;sid:84373827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510724)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510724/; classtype:trojan-activity;sid:84373824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510725)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510725/; classtype:trojan-activity;sid:84373825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510721)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510721/; classtype:trojan-activity;sid:84373821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510722)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510722/; classtype:trojan-activity;sid:84373822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510723)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510723/; classtype:trojan-activity;sid:84373823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510718)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510718/; classtype:trojan-activity;sid:84373818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510712)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510712/; classtype:trojan-activity;sid:84373812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510713)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510713/; classtype:trojan-activity;sid:84373813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510714)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510714/; classtype:trojan-activity;sid:84373814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510715)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510715/; classtype:trojan-activity;sid:84373815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510716)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510716/; classtype:trojan-activity;sid:84373816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509907)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmounben/lc/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509907/; classtype:trojan-activity;sid:84373007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509904)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/refs/heads/main/cloudy.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509904/; classtype:trojan-activity;sid:84373004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509901)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/raw/refs/heads/main/cloudy.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509901/; classtype:trojan-activity;sid:84373001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509872)"; flow:established,from_client; content:"GET"; http_method; content:"/niggedddx/dependenciuesfeife/raw/refs/heads/main/bruterv3.1.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509872/; classtype:trojan-activity;sid:84372972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nnnpanel.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509591/; classtype:trojan-activity;sid:84372691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxprotectech.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509583/; classtype:trojan-activity;sid:84372683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardwave.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509585/; classtype:trojan-activity;sid:84372685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxshieldcore.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509586/; classtype:trojan-activity;sid:84372686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcryptorix.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509588/; classtype:trojan-activity;sid:84372688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxarmorcrypt.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509589/; classtype:trojan-activity;sid:84372689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxguardify.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509590/; classtype:trojan-activity;sid:84372690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberedge.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509574/; classtype:trojan-activity;sid:84372674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3508860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.70.59.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_12; reference:url, urlhaus.abuse.ch/url/3508860/; classtype:trojan-activity;sid:84371960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.60.246.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507942/; classtype:trojan-activity;sid:84371042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507474)"; flow:established,from_client; content:"GET"; http_method; content:"/kibnakamoto/mimikatz/main/mimikatz.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507474/; classtype:trojan-activity;sid:84370574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507456/; classtype:trojan-activity;sid:84370556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507452)"; flow:established,from_client; content:"GET"; http_method; content:"/misterlobster22/mimik/blob/main/mimikatz.exe|3f|raw=true"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507452/; classtype:trojan-activity;sid:84370552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506392)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s86.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506392/; classtype:trojan-activity;sid:84369492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506391)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s64.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506391/; classtype:trojan-activity;sid:84369491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506386)"; flow:established,from_client; content:"GET"; http_method; content:"/mosseve/reverbed/releases/download/3.8.8/reverbed.v3.8.8.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506386/; classtype:trojan-activity;sid:84369486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506346)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kcbhxhjt-bdxszgxt1nfnzdt5hpvkwk4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506346/; classtype:trojan-activity;sid:84369446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1muftth-5lscdi3ovd5vn7sjkeit2h9k1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505672/; classtype:trojan-activity;sid:84368772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.40.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505645/; classtype:trojan-activity;sid:84368745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505506)"; flow:established,from_client; content:"GET"; http_method; content:"/makeewyk.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505506/; classtype:trojan-activity;sid:84368606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505504)"; flow:established,from_client; content:"GET"; http_method; content:"/uulyorik.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505504/; classtype:trojan-activity;sid:84368604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505502)"; flow:established,from_client; content:"GET"; http_method; content:"/pmlqrjin.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bestieslos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505502/; classtype:trojan-activity;sid:84368602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505422)"; flow:established,from_client; content:"GET"; http_method; content:"/jaime00marulanda/yt-audio-api/releases/download/v2.6.9/yt-audio-api_v2.6.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505422/; classtype:trojan-activity;sid:84368522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505418)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/helloswaps/releases/download/v2.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505418/; classtype:trojan-activity;sid:84368518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505393)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/react-material/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505393/; classtype:trojan-activity;sid:84368493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505394)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/ticker-ai-with-tailwind-css/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505394/; classtype:trojan-activity;sid:84368494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505395)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/react-material/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505395/; classtype:trojan-activity;sid:84368495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505396)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/docs/releases/download/v2.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505396/; classtype:trojan-activity;sid:84368496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505397)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/simple-todo-list/releases/download/v2.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505397/; classtype:trojan-activity;sid:84368497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505398)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/governingdocs/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505398/; classtype:trojan-activity;sid:84368498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505399)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creatives-for-you/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505399/; classtype:trojan-activity;sid:84368499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505400)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/basic-js-problem-solving/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505400/; classtype:trojan-activity;sid:84368500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505401)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/governingdocs/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505401/; classtype:trojan-activity;sid:84368501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505402)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/ticker-ai-with-tailwind-css/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505402/; classtype:trojan-activity;sid:84368502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505403)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/wizia/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505403/; classtype:trojan-activity;sid:84368503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505404)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/kiekefotografie/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505404/; classtype:trojan-activity;sid:84368504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505405)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/kiekefotografie/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505405/; classtype:trojan-activity;sid:84368505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505406)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/docs/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505406/; classtype:trojan-activity;sid:84368506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505407)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/helloswaps/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505407/; classtype:trojan-activity;sid:84368507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505408)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/mastercard-ui/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505408/; classtype:trojan-activity;sid:84368508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505409)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/wizia/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505409/; classtype:trojan-activity;sid:84368509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505410)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/profile-card/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505410/; classtype:trojan-activity;sid:84368510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505411)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creative-for-you/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505411/; classtype:trojan-activity;sid:84368511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505412)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/mastercard-ui/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505412/; classtype:trojan-activity;sid:84368512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505413)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/profile-card/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505413/; classtype:trojan-activity;sid:84368513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505414)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creatives-for-you/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505414/; classtype:trojan-activity;sid:84368514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505415)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/creative-for-you/releases/download/v2.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505415/; classtype:trojan-activity;sid:84368515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505416)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/simple-todo-list/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505416/; classtype:trojan-activity;sid:84368516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505417)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/basic-js-problem-solving/releases/download/v2.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505417/; classtype:trojan-activity;sid:84368517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505384)"; flow:established,from_client; content:"GET"; http_method; content:"/klhhrx/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505384/; classtype:trojan-activity;sid:84368484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505385)"; flow:established,from_client; content:"GET"; http_method; content:"/andremedina15/reel-rec/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505385/; classtype:trojan-activity;sid:84368485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505376)"; flow:established,from_client; content:"GET"; http_method; content:"/andremedina15/reel-rec/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505376/; classtype:trojan-activity;sid:84368476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505377)"; flow:established,from_client; content:"GET"; http_method; content:"/electrichermit/vegas-pro-version/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505377/; classtype:trojan-activity;sid:84368477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505378)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505378/; classtype:trojan-activity;sid:84368478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505379)"; flow:established,from_client; content:"GET"; http_method; content:"/klhhrx/reel-rec/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505379/; classtype:trojan-activity;sid:84368479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505382)"; flow:established,from_client; content:"GET"; http_method; content:"/ergin3432432/movie-mates/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505382/; classtype:trojan-activity;sid:84368482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505336)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505336/; classtype:trojan-activity;sid:84368436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505334)"; flow:established,from_client; content:"GET"; http_method; content:"/yumyumdonuts/free-youtube-to-mp3-converter-free/releases/download/1.1.2/freeyoutubetomp3converterfree-1.1.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505334/; classtype:trojan-activity;sid:84368434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505327)"; flow:established,from_client; content:"GET"; http_method; content:"/lbngrg/social-media-downloader/releases/download/glassful/social-media-downloader-glassful"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505327/; classtype:trojan-activity;sid:84368427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505328)"; flow:established,from_client; content:"GET"; http_method; content:"/vignesh5229/yt-blaze/releases/download/1.9.1-beta.4/yt-blaze-1.9.1-beta.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505328/; classtype:trojan-activity;sid:84368428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505332)"; flow:established,from_client; content:"GET"; http_method; content:"/lbngrg/social-media-downloader/releases/download/v1.8.0/social-media-downloader-v1.8.0"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505332/; classtype:trojan-activity;sid:84368432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505313)"; flow:established,from_client; content:"GET"; http_method; content:"/nmattioni/upload/raw/refs/heads/master/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505313/; classtype:trojan-activity;sid:84368413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505307)"; flow:established,from_client; content:"GET"; http_method; content:"/anamesias580/upload/refs/heads/master/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505307/; classtype:trojan-activity;sid:84368407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505305)"; flow:established,from_client; content:"GET"; http_method; content:"/phanu85/upload/raw/refs/heads/master/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505305/; classtype:trojan-activity;sid:84368405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505304)"; flow:established,from_client; content:"GET"; http_method; content:"/pantay/upload/raw/refs/heads/master/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505304/; classtype:trojan-activity;sid:84368404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"45.88.186.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505108/; classtype:trojan-activity;sid:84368208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504870)"; flow:established,from_client; content:"GET"; http_method; content:"/public/upload/files/l.sh"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"39.104.161.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3504870/; classtype:trojan-activity;sid:84367970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504757)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504757/; classtype:trojan-activity;sid:84367857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504758)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504758/; classtype:trojan-activity;sid:84367858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504759)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504759/; classtype:trojan-activity;sid:84367859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504760)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504760/; classtype:trojan-activity;sid:84367860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504761)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504761/; classtype:trojan-activity;sid:84367861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504762)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504762/; classtype:trojan-activity;sid:84367862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504753)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504753/; classtype:trojan-activity;sid:84367853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504754)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504754/; classtype:trojan-activity;sid:84367854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504755)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504755/; classtype:trojan-activity;sid:84367855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504756)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.232.204.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504756/; classtype:trojan-activity;sid:84367856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.238.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504713/; classtype:trojan-activity;sid:84367813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.60.216.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503677/; classtype:trojan-activity;sid:84366777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.227.177.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503671/; classtype:trojan-activity;sid:84366771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.17.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503657/; classtype:trojan-activity;sid:84366757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503409)"; flow:established,from_client; content:"GET"; http_method; content:"/tirtekeka/rat-client/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503409/; classtype:trojan-activity;sid:84366509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503003)"; flow:established,from_client; content:"GET"; http_method; content:"/download/konsol.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"backupso.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3503003/; classtype:trojan-activity;sid:84366103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.42.54.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501628/; classtype:trojan-activity;sid:84364728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.0.41.126"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501619/; classtype:trojan-activity;sid:84364719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501608)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"35.137.185.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501608/; classtype:trojan-activity;sid:84364708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500891)"; flow:established,from_client; content:"GET"; http_method; content:"/chin/ifjjmktge.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dcrun.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500891/; classtype:trojan-activity;sid:84363991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.185.1.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500747/; classtype:trojan-activity;sid:84363847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499996)"; flow:established,from_client; content:"GET"; http_method; content:"/bahaaaymen/chapito/releases/download/v3.3.6/stay.out.firewind.v1.8.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499996/; classtype:trojan-activity;sid:84363096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499995)"; flow:established,from_client; content:"GET"; http_method; content:"/sylvanogammer/apex-no-recoil/releases/download/v1.8.4-beta.4/apex-no-recoil-v1.8.4-beta.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499995/; classtype:trojan-activity;sid:84363095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499993)"; flow:established,from_client; content:"GET"; http_method; content:"/roniel8/apex-no-recoil/releases/download/v2.5.1-alpha.3/apex-no-recoil-v2-5-1-alpha-3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499993/; classtype:trojan-activity;sid:84363093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxironvault.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499800/; classtype:trojan-activity;sid:84362900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxphantomlock.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499801/; classtype:trojan-activity;sid:84362901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499150)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_02; reference:url, urlhaus.abuse.ch/url/3499150/; classtype:trojan-activity;sid:84362250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498482)"; flow:established,from_client; content:"GET"; http_method; content:"/juanbustoss/src/raw/refs/heads/master/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498482/; classtype:trojan-activity;sid:84361582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498084)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498084/; classtype:trojan-activity;sid:84361184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498082)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498082/; classtype:trojan-activity;sid:84361182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498069)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownn89/hackinggpt/releases/download/1.8.9/hackinggpt-1.8.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498069/; classtype:trojan-activity;sid:84361169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498070)"; flow:established,from_client; content:"GET"; http_method; content:"/demonsofhe/onion-rings/releases/download/3.1.7/onion-rings-3.1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498070/; classtype:trojan-activity;sid:84361170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498071)"; flow:established,from_client; content:"GET"; http_method; content:"/soulfly02/greentendo/releases/download/v1.1/soft.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498071/; classtype:trojan-activity;sid:84361171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498072)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.1/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498072/; classtype:trojan-activity;sid:84361172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498073)"; flow:established,from_client; content:"GET"; http_method; content:"/rippez/wordkeeper/releases/download/caseharden/release.caseharden.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498073/; classtype:trojan-activity;sid:84361173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498074)"; flow:established,from_client; content:"GET"; http_method; content:"/alesti19/driver-booster-pro-installer-2025/releases/download/3.5.4/driver-booster-pro-installer-2025-3.5.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498074/; classtype:trojan-activity;sid:84361174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498076)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498076/; classtype:trojan-activity;sid:84361176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498078)"; flow:established,from_client; content:"GET"; http_method; content:"/8e8bdba457c18cf692a95fe2ec67000b/vulkancooperativematrixattention/releases/download/v2.0/software.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498078/; classtype:trojan-activity;sid:84361178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498064)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerboy5916/booknotify/releases/download/v1.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498064/; classtype:trojan-activity;sid:84361164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498065)"; flow:established,from_client; content:"GET"; http_method; content:"/soup6792/silverblue-base-/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498065/; classtype:trojan-activity;sid:84361165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498066)"; flow:established,from_client; content:"GET"; http_method; content:"/madureira20/pixtrail/releases/download/3.3.3/pixtrail-3.3.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498066/; classtype:trojan-activity;sid:84361166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498067)"; flow:established,from_client; content:"GET"; http_method; content:"/frank698/localocr/releases/download/v2.3.3/localocr_v2.3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498067/; classtype:trojan-activity;sid:84361167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498055)"; flow:established,from_client; content:"GET"; http_method; content:"/unknownn89/hackinggpt/releases/download/crowned/hackinggpt-crowned.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498055/; classtype:trojan-activity;sid:84361155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498056)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.1/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498056/; classtype:trojan-activity;sid:84361156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498058)"; flow:established,from_client; content:"GET"; http_method; content:"/03juseroto/fitlog-progress-tracker-app/releases/download/v1.1/soft.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498058/; classtype:trojan-activity;sid:84361158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498059)"; flow:established,from_client; content:"GET"; http_method; content:"/julia2806/stock-watch/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498059/; classtype:trojan-activity;sid:84361159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498044)"; flow:established,from_client; content:"GET"; http_method; content:"/soup6792/silverblue-base-/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498044/; classtype:trojan-activity;sid:84361144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498045)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v1.0/installer.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498045/; classtype:trojan-activity;sid:84361145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498047)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498047/; classtype:trojan-activity;sid:84361147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498050)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.2/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498050/; classtype:trojan-activity;sid:84361150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498052)"; flow:established,from_client; content:"GET"; http_method; content:"/soulfly02/greentendo/releases/download/v1.2/soft.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498052/; classtype:trojan-activity;sid:84361152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498053)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498053/; classtype:trojan-activity;sid:84361153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498054)"; flow:established,from_client; content:"GET"; http_method; content:"/nazaastore/abacus2api/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498054/; classtype:trojan-activity;sid:84361154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498029)"; flow:established,from_client; content:"GET"; http_method; content:"/03juseroto/fitlog-progress-tracker-app/releases/download/v1.2/soft.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498029/; classtype:trojan-activity;sid:84361129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498030)"; flow:established,from_client; content:"GET"; http_method; content:"/x4lex19o/vue3-crypto-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498030/; classtype:trojan-activity;sid:84361130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498031)"; flow:established,from_client; content:"GET"; http_method; content:"/clemmrobl/capture-one-pro-free/releases/download/1.1.2/capture-one-pro-free-1.1.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498031/; classtype:trojan-activity;sid:84361131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498032)"; flow:established,from_client; content:"GET"; http_method; content:"/computoki/e/releases/download/v1.0/software.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498032/; classtype:trojan-activity;sid:84361132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498033)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498033/; classtype:trojan-activity;sid:84361133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498034)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498034/; classtype:trojan-activity;sid:84361134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498035)"; flow:established,from_client; content:"GET"; http_method; content:"/lucianoolferxa98/solanaj/releases/download/1.9.4-alpha.2/solanaj-v1.9.4-alpha.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498035/; classtype:trojan-activity;sid:84361135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498036)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v2.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498036/; classtype:trojan-activity;sid:84361136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498038)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/php-library-system/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498038/; classtype:trojan-activity;sid:84361138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498040)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.2/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498040/; classtype:trojan-activity;sid:84361140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498041)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerboy5916/booknotify/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498041/; classtype:trojan-activity;sid:84361141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497914)"; flow:established,from_client; content:"GET"; http_method; content:"/pirlokipngeno/crackftp/releases/download/3.5.4/crackftp-3.5.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497914/; classtype:trojan-activity;sid:84361014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497913)"; flow:established,from_client; content:"GET"; http_method; content:"/kinayeeasd/wpcracker/releases/download/2.0.7-beta.4/wpcracker.2.0.7-beta.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497913/; classtype:trojan-activity;sid:84361013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497910)"; flow:established,from_client; content:"GET"; http_method; content:"/tefa1234/wpcracker/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497910/; classtype:trojan-activity;sid:84361010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497906)"; flow:established,from_client; content:"GET"; http_method; content:"/tefa1234/wpcracker/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497906/; classtype:trojan-activity;sid:84361006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497898)"; flow:established,from_client; content:"GET"; http_method; content:"/slyge/yescrypt_crack/releases/download/v2.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497898/; classtype:trojan-activity;sid:84360998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497905)"; flow:established,from_client; content:"GET"; http_method; content:"/slyge/yescrypt_crack/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497905/; classtype:trojan-activity;sid:84361005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497885)"; flow:established,from_client; content:"GET"; http_method; content:"/zigaaaaaaaa/crackftp/releases/download/v2.3.0/crackftp.v2.3.0.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497885/; classtype:trojan-activity;sid:84360985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497878)"; flow:established,from_client; content:"GET"; http_method; content:"/zigaaaaaaaa/crackftp/releases/download/v3.4.5/release.v3.4.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497878/; classtype:trojan-activity;sid:84360978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497872)"; flow:established,from_client; content:"GET"; http_method; content:"/tisha466/stardock_groupy_crack/releases/download/1.7.2/release.1.7.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497872/; classtype:trojan-activity;sid:84360972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497826)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497826/; classtype:trojan-activity;sid:84360926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497822)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497822/; classtype:trojan-activity;sid:84360922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497823)"; flow:established,from_client; content:"GET"; http_method; content:"/unlimxts2/password-manager-intermediate/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497823/; classtype:trojan-activity;sid:84360923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497824)"; flow:established,from_client; content:"GET"; http_method; content:"/neverluckz/stack-back/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497824/; classtype:trojan-activity;sid:84360924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497825)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497825/; classtype:trojan-activity;sid:84360925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497820)"; flow:established,from_client; content:"GET"; http_method; content:"/luisdetre/cmv-stressor/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497820/; classtype:trojan-activity;sid:84360920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497817)"; flow:established,from_client; content:"GET"; http_method; content:"/alan7385/top-10-malware-detection-projects/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497817/; classtype:trojan-activity;sid:84360917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497818)"; flow:established,from_client; content:"GET"; http_method; content:"/luisdetre/cmv-stressor/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497818/; classtype:trojan-activity;sid:84360918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497819)"; flow:established,from_client; content:"GET"; http_method; content:"/alan7385/top-10-malware-detection-projects/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497819/; classtype:trojan-activity;sid:84360919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497808)"; flow:established,from_client; content:"GET"; http_method; content:"/0quvy/d-d-trading-program/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497808/; classtype:trojan-activity;sid:84360908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497809)"; flow:established,from_client; content:"GET"; http_method; content:"/jack69393/vuldb-api-golang-examples/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497809/; classtype:trojan-activity;sid:84360909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497810)"; flow:established,from_client; content:"GET"; http_method; content:"/0quvy/d-d-trading-program/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497810/; classtype:trojan-activity;sid:84360910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497811)"; flow:established,from_client; content:"GET"; http_method; content:"/jack69393/vuldb-api-golang-examples/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497811/; classtype:trojan-activity;sid:84360911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497806)"; flow:established,from_client; content:"GET"; http_method; content:"/dragon271320/test-audit/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497806/; classtype:trojan-activity;sid:84360906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497805)"; flow:established,from_client; content:"GET"; http_method; content:"/ffxjevefi/nix-system-services-hardened/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497805/; classtype:trojan-activity;sid:84360905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497798)"; flow:established,from_client; content:"GET"; http_method; content:"/wolladand120/wireless-protect_service_version/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497798/; classtype:trojan-activity;sid:84360898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497797)"; flow:established,from_client; content:"GET"; http_method; content:"/supreme-snaze/permutations/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497797/; classtype:trojan-activity;sid:84360897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497794)"; flow:established,from_client; content:"GET"; http_method; content:"/rip257/dotnet-sdk/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497794/; classtype:trojan-activity;sid:84360894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497791)"; flow:established,from_client; content:"GET"; http_method; content:"/rip257/dotnet-sdk/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497791/; classtype:trojan-activity;sid:84360891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497790)"; flow:established,from_client; content:"GET"; http_method; content:"/wolladand120/wireless-protect_service_version/releases/download/v1.0/soft.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497790/; classtype:trojan-activity;sid:84360890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497786)"; flow:established,from_client; content:"GET"; http_method; content:"/hackhackboyss/crypto-aml-check/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497786/; classtype:trojan-activity;sid:84360886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497782)"; flow:established,from_client; content:"GET"; http_method; content:"/panozkaiscool/guard-clauses/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497782/; classtype:trojan-activity;sid:84360882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497783)"; flow:established,from_client; content:"GET"; http_method; content:"/indiizza/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497783/; classtype:trojan-activity;sid:84360883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497775)"; flow:established,from_client; content:"GET"; http_method; content:"/hackhackboyss/crypto-aml-check/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497775/; classtype:trojan-activity;sid:84360875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497772)"; flow:established,from_client; content:"GET"; http_method; content:"/zackkung688/split-fiction/releases/download/lavalike/splitfiction-lavalike.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497772/; classtype:trojan-activity;sid:84360872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497769)"; flow:established,from_client; content:"GET"; http_method; content:"/tuliodrx/ovh-ddos/releases/download/2.5.6/ovh-ddos-2.5.6.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497769/; classtype:trojan-activity;sid:84360869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497766)"; flow:established,from_client; content:"GET"; http_method; content:"/trunghiuu08/pc-health-advisor/releases/download/3.5.4/pc.health.advisor.3.5.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497766/; classtype:trojan-activity;sid:84360866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497761)"; flow:established,from_client; content:"GET"; http_method; content:"/simplefastfunnels254/tg-cybersec/releases/download/v2.7.1/tg-cybersec-v2.7.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497761/; classtype:trojan-activity;sid:84360861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497760)"; flow:established,from_client; content:"GET"; http_method; content:"/ykn1/dishost/releases/download/1.3.8/dishost.1.3.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497760/; classtype:trojan-activity;sid:84360860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497758)"; flow:established,from_client; content:"GET"; http_method; content:"/repirate/asset-recovery-tool/releases/download/v1.7.6/asset-recovery-tool-v1.7.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497758/; classtype:trojan-activity;sid:84360858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497755)"; flow:established,from_client; content:"GET"; http_method; content:"/uruguayopr/sword-art-online-fractured-daydream-cheat/releases/download/3.9.3/sword.art.online.fractured.daydream.cheat.v3.9.3.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497755/; classtype:trojan-activity;sid:84360855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497754)"; flow:established,from_client; content:"GET"; http_method; content:"/cxavi10/ddos-protection/releases/download/uncork/ddos-protection-uncork.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497754/; classtype:trojan-activity;sid:84360854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497750)"; flow:established,from_client; content:"GET"; http_method; content:"/reflx-dot/api-pentesting-tools/releases/download/macrogamete/api.pentesting.tools.macrogamete.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497750/; classtype:trojan-activity;sid:84360850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497749)"; flow:established,from_client; content:"GET"; http_method; content:"/sinoyj00/strongvpn/releases/download/pseudobrotherly/strongvpn_pseudobrotherly.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497749/; classtype:trojan-activity;sid:84360849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497748)"; flow:established,from_client; content:"GET"; http_method; content:"/folcon92/brutecheker/releases/download/2.1.0/brutecheker-v2.1.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497748/; classtype:trojan-activity;sid:84360848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497746)"; flow:established,from_client; content:"GET"; http_method; content:"/92tino/zenless-zone-zero-menu/releases/download/v2.9.3/zenith-zoom-v2.9.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497746/; classtype:trojan-activity;sid:84360846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497744)"; flow:established,from_client; content:"GET"; http_method; content:"/truthtower1/nitro-key/releases/download/v2.2.3/nitro-key_v2.2.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497744/; classtype:trojan-activity;sid:84360844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497739)"; flow:established,from_client; content:"GET"; http_method; content:"/ander12342/pugdns/releases/download/1.3.1/pugdns_v1.3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497739/; classtype:trojan-activity;sid:84360839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497734)"; flow:established,from_client; content:"GET"; http_method; content:"/aravind2152/dune-imperium-vision/releases/download/2.3.8/dune-imperium-vision-2.3.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497734/; classtype:trojan-activity;sid:84360834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497708)"; flow:established,from_client; content:"GET"; http_method; content:"/stormy2307/esp32-breakout-rust/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497708/; classtype:trojan-activity;sid:84360808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497709)"; flow:established,from_client; content:"GET"; http_method; content:"/stormy2307/esp32-breakout-rust/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497709/; classtype:trojan-activity;sid:84360809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497705)"; flow:established,from_client; content:"GET"; http_method; content:"/kannankannana/fivem-mod-menu/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497705/; classtype:trojan-activity;sid:84360805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497706)"; flow:established,from_client; content:"GET"; http_method; content:"/kannankannana/fivem-mod-menu/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497706/; classtype:trojan-activity;sid:84360806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497692)"; flow:established,from_client; content:"GET"; http_method; content:"/nuriia-i/palia-script/releases/download/anisoin/palia-script_anisoin.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497692/; classtype:trojan-activity;sid:84360792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497677)"; flow:established,from_client; content:"GET"; http_method; content:"/devpev777/d/refs/heads/main/r.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497677/; classtype:trojan-activity;sid:84360777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.14.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497334/; classtype:trojan-activity;sid:84360434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.97.222.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497333/; classtype:trojan-activity;sid:84360433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.67.26.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497305/; classtype:trojan-activity;sid:84360405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.186.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497306/; classtype:trojan-activity;sid:84360406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497266)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497266/; classtype:trojan-activity;sid:84360366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497120)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s64.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497120/; classtype:trojan-activity;sid:84360220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497121)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s86.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497121/; classtype:trojan-activity;sid:84360221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496952)"; flow:established,from_client; content:"GET"; http_method; content:"/benkku25/assets/raw/41f4f8f16b76af39e1bc3f8024b66010dd2617c7/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496952/; classtype:trojan-activity;sid:84360052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496664)"; flow:established,from_client; content:"GET"; http_method; content:"/syklon99/ai-chatbot-svelte/releases/download/v1.4.9/ai-chatbot-svelte-v1.4.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496664/; classtype:trojan-activity;sid:84359764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496663)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedbama/spider-man-2/releases/download/1.6.7/spider-man-2_v1.6.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496663/; classtype:trojan-activity;sid:84359763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496662)"; flow:established,from_client; content:"GET"; http_method; content:"/sigarikafat/xeet/releases/download/1.6.4/xeet_v1.6.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496662/; classtype:trojan-activity;sid:84359762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496649)"; flow:established,from_client; content:"GET"; http_method; content:"/cooldudeqwer1/esp32marauder-portal-pwn/releases/download/v1.0/program.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496649/; classtype:trojan-activity;sid:84359749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496647)"; flow:established,from_client; content:"GET"; http_method; content:"/ashhh220711/checkers/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496647/; classtype:trojan-activity;sid:84359747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496645)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v1.0/program.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496645/; classtype:trojan-activity;sid:84359745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496646)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496646/; classtype:trojan-activity;sid:84359746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496637)"; flow:established,from_client; content:"GET"; http_method; content:"/tountolover/board-taxomomies/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496637/; classtype:trojan-activity;sid:84359737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496636)"; flow:established,from_client; content:"GET"; http_method; content:"/levinrr/swiftextensions/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496636/; classtype:trojan-activity;sid:84359736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496628)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496628/; classtype:trojan-activity;sid:84359728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496630)"; flow:established,from_client; content:"GET"; http_method; content:"/levinrr/swiftextensions/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496630/; classtype:trojan-activity;sid:84359730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496631)"; flow:established,from_client; content:"GET"; http_method; content:"/rle123/ai-self-coding-book/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496631/; classtype:trojan-activity;sid:84359731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496634)"; flow:established,from_client; content:"GET"; http_method; content:"/2trk/sillyfiles/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496634/; classtype:trojan-activity;sid:84359734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496635)"; flow:established,from_client; content:"GET"; http_method; content:"/kerlissandro/how-i-stripe/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496635/; classtype:trojan-activity;sid:84359735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496624)"; flow:established,from_client; content:"GET"; http_method; content:"/kerlissandro/how-i-stripe/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496624/; classtype:trojan-activity;sid:84359724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496625)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496625/; classtype:trojan-activity;sid:84359725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496626)"; flow:established,from_client; content:"GET"; http_method; content:"/2trk/sillyfiles/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496626/; classtype:trojan-activity;sid:84359726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496597)"; flow:established,from_client; content:"GET"; http_method; content:"/juann22/fastmud/releases/download/2.1.1/fastmud.2.1.1.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496597/; classtype:trojan-activity;sid:84359697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496600)"; flow:established,from_client; content:"GET"; http_method; content:"/erik2011/multi-theft-auto-menu/releases/download/2.1.9/multi-theft-auto-menu-2.1.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496600/; classtype:trojan-activity;sid:84359700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496602)"; flow:established,from_client; content:"GET"; http_method; content:"/alperenuurlu/mobile-legends-menu/releases/download/v3.3.0/mobile.legends.menu.v3.3.0.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496602/; classtype:trojan-activity;sid:84359702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496604)"; flow:established,from_client; content:"GET"; http_method; content:"/yahabaha/exam-quiz-test/releases/download/v2.9.2/exam-quiz-test-v2.9.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496604/; classtype:trojan-activity;sid:84359704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496591)"; flow:established,from_client; content:"GET"; http_method; content:"/brian124qqr/nero-burning-rom-free/releases/download/1.4.8-beta.3/nero-burning-rom-free-1.4.8-beta.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496591/; classtype:trojan-activity;sid:84359691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496592)"; flow:established,from_client; content:"GET"; http_method; content:"/klaus998851/github-achievements/releases/download/3.5.8/github-achievements-3.5.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496592/; classtype:trojan-activity;sid:84359692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496594)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidi-crypto/quarkus-openapi-problem/releases/download/v1.4.2/quarkus-openapi-problem-v1.4.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496594/; classtype:trojan-activity;sid:84359694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496585)"; flow:established,from_client; content:"GET"; http_method; content:"/aboubakar909/dreamdance/releases/download/v2.5.1/dreamdance.v2.5.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496585/; classtype:trojan-activity;sid:84359685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496564)"; flow:established,from_client; content:"GET"; http_method; content:"/stepbox23/assets/60af1f798cc4708a2872a66cebab351e529e43f8/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496564/; classtype:trojan-activity;sid:84359664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496067)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496067/; classtype:trojan-activity;sid:84359167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496061)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/refs/heads/main/ud.bat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496061/; classtype:trojan-activity;sid:84359161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496058)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/main/ud.bat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496058/; classtype:trojan-activity;sid:84359158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495857)"; flow:established,from_client; content:"GET"; http_method; content:"/tsl/downloader.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tobecation.github.io"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3495857/; classtype:trojan-activity;sid:84358957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3495124/; classtype:trojan-activity;sid:84358224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494793)"; flow:established,from_client; content:"GET"; http_method; content:"/dl20"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494793/; classtype:trojan-activity;sid:84357893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493868)"; flow:established,from_client; content:"GET"; http_method; content:"/order_svea.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lindenappliances.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493868/; classtype:trojan-activity;sid:84356968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493608)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/refs/heads/master/launcher.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493608/; classtype:trojan-activity;sid:84356708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493606)"; flow:established,from_client; content:"GET"; http_method; content:"/khemrinp/brookhaven-script/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493606/; classtype:trojan-activity;sid:84356706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493604)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493604/; classtype:trojan-activity;sid:84356704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493088)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3493088/; classtype:trojan-activity;sid:84356188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492619)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/wild-storage/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492619/; classtype:trojan-activity;sid:84355719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492620)"; flow:established,from_client; content:"GET"; http_method; content:"/jo-dll/hb4/releases/download/v2.0/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492620/; classtype:trojan-activity;sid:84355720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492621)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492621/; classtype:trojan-activity;sid:84355721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492622)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeu-cpu/coap-mqtt-encryption/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492622/; classtype:trojan-activity;sid:84355722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492618)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v1.0/app.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492618/; classtype:trojan-activity;sid:84355718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492611)"; flow:established,from_client; content:"GET"; http_method; content:"/forzon96/cataclismo/releases/download/1.4.6/cataclismo_1.4.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492611/; classtype:trojan-activity;sid:84355711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492613)"; flow:established,from_client; content:"GET"; http_method; content:"/mjunaid87/tokenset/releases/download/v2.8.1/tokenset.v2.8.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492613/; classtype:trojan-activity;sid:84355713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492608)"; flow:established,from_client; content:"GET"; http_method; content:"/joacokia/oopd/releases/download/bretschneideraceae/oopd_bretschneideraceae.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492608/; classtype:trojan-activity;sid:84355708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492601)"; flow:established,from_client; content:"GET"; http_method; content:"/stayns/glpwnme/releases/download/3.1.1/glpwnme-3.1.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492601/; classtype:trojan-activity;sid:84355701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492602)"; flow:established,from_client; content:"GET"; http_method; content:"/catexec/signature-recognition-cnn/releases/download/v1.6.8/signature-recognition-cnn-v1.6.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492602/; classtype:trojan-activity;sid:84355702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492604)"; flow:established,from_client; content:"GET"; http_method; content:"/tombalestra/m3-spatial/releases/download/v3.3.4/m3-spatial-v3.3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492604/; classtype:trojan-activity;sid:84355704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492600)"; flow:established,from_client; content:"GET"; http_method; content:"/mardecilnonp568/assasin-creed-shadows/releases/download/v2.7.5/assassin-creed-shadows-v2.7.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492600/; classtype:trojan-activity;sid:84355700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492591)"; flow:established,from_client; content:"GET"; http_method; content:"/sudip1801/loyalty/releases/download/v3.4.4-alpha.1/loyalty_v3.4.4-alpha.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492591/; classtype:trojan-activity;sid:84355691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492586)"; flow:established,from_client; content:"GET"; http_method; content:"/bosstrung/fedora/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492586/; classtype:trojan-activity;sid:84355686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492580)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492580/; classtype:trojan-activity;sid:84355680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492581)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492581/; classtype:trojan-activity;sid:84355681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492582)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492582/; classtype:trojan-activity;sid:84355682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492584)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492584/; classtype:trojan-activity;sid:84355684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492578)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492578/; classtype:trojan-activity;sid:84355678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492579)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492579/; classtype:trojan-activity;sid:84355679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492575)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492575/; classtype:trojan-activity;sid:84355675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492576)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492576/; classtype:trojan-activity;sid:84355676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492577)"; flow:established,from_client; content:"GET"; http_method; content:"/antifreezsa/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492577/; classtype:trojan-activity;sid:84355677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492563)"; flow:established,from_client; content:"GET"; http_method; content:"/reninstem/productlisting/releases/download/2.6.1/productlisting-2.6.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492563/; classtype:trojan-activity;sid:84355663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492557)"; flow:established,from_client; content:"GET"; http_method; content:"/suvam-01/alayalite/releases/download/v1.4.8/alayalite_v1.4.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492557/; classtype:trojan-activity;sid:84355657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492553)"; flow:established,from_client; content:"GET"; http_method; content:"/ricardocrc735/navicatpwn/releases/download/3.2.3/navicatpwn-3.2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492553/; classtype:trojan-activity;sid:84355653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492224)"; flow:established,from_client; content:"GET"; http_method; content:"/lordland929on6/1ab-phantasystaronline2b/releases/download/p7ew0zthra/156qeiu3fhnohcj2.rar"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492224/; classtype:trojan-activity;sid:84355324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492193)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492193/; classtype:trojan-activity;sid:84355293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492194)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492194/; classtype:trojan-activity;sid:84355294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492188)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ar-bladeandsoulr/releases/download/4sd7l2qydh/37uji8i2.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492188/; classtype:trojan-activity;sid:84355288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492186)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ax-bladeandsoulx/releases/download/n6seqop1o4/q.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492186/; classtype:trojan-activity;sid:84355286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492168)"; flow:established,from_client; content:"GET"; http_method; content:"/howlux40worthyfp4h/1af-starwars-theoldrepublicf/releases/download/j0ndd81djg/eskf6bqczzc2j.rar"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492168/; classtype:trojan-activity;sid:84355268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492160)"; flow:established,from_client; content:"GET"; http_method; content:"/uragon005/ai-chatbot-svelte/releases/download/v2.4.5/ai-chatbot-svelte_v2.4.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492160/; classtype:trojan-activity;sid:84355260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492148)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492148/; classtype:trojan-activity;sid:84355248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492142)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492142/; classtype:trojan-activity;sid:84355242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492135)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v1.0/release.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492135/; classtype:trojan-activity;sid:84355235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492134)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492134/; classtype:trojan-activity;sid:84355234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492123)"; flow:established,from_client; content:"GET"; http_method; content:"/mathists9/abaqus-aluminum-bending-ductile-damage-3d/releases/download/2.7.3/release.2.7.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492123/; classtype:trojan-activity;sid:84355223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492116)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v1.0/release.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492116/; classtype:trojan-activity;sid:84355216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492117)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v2.0/software.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492117/; classtype:trojan-activity;sid:84355217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492118)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492118/; classtype:trojan-activity;sid:84355218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492112)"; flow:established,from_client; content:"GET"; http_method; content:"/solarcrownyt/learning-sqlx/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492112/; classtype:trojan-activity;sid:84355212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492113)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492113/; classtype:trojan-activity;sid:84355213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492099)"; flow:established,from_client; content:"GET"; http_method; content:"/shanabbasi916/about-miguel/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492099/; classtype:trojan-activity;sid:84355199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492098)"; flow:established,from_client; content:"GET"; http_method; content:"/shanabbasi916/about-miguel/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492098/; classtype:trojan-activity;sid:84355198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492086)"; flow:established,from_client; content:"GET"; http_method; content:"/voslol/hack-crypto-wallet/releases/download/croupous/hack-crypto-wallet-croupous.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492086/; classtype:trojan-activity;sid:84355186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492074)"; flow:established,from_client; content:"GET"; http_method; content:"/hakimil/hack-crypto-wallet/releases/download/v2.7.7-beta.4/hack-crypto-wallet-v2.7.7-beta.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492074/; classtype:trojan-activity;sid:84355174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492056)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492056/; classtype:trojan-activity;sid:84355156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.208.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491981/; classtype:trojan-activity;sid:84355081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491957)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.64.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491957/; classtype:trojan-activity;sid:84355057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.121.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491771/; classtype:trojan-activity;sid:84354871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491653)"; flow:established,from_client; content:"GET"; http_method; content:"/hassan-be/pet-simulator-99-dupe-gui/releases/download/newmarket/pet-simulator-99-dupe-gui-newmarket.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491653/; classtype:trojan-activity;sid:84354753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490438)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/v1.9.0-alpha.1/hack-crypto-wallet-v1.9.0-alpha.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490438/; classtype:trojan-activity;sid:84353538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490437)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/3.7.6/hack-crypto-wallet_v3.7.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490437/; classtype:trojan-activity;sid:84353537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490432)"; flow:established,from_client; content:"GET"; http_method; content:"/phamkhanhhung208/assets/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490432/; classtype:trojan-activity;sid:84353532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490427)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/refs/heads/master/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490427/; classtype:trojan-activity;sid:84353527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490409)"; flow:established,from_client; content:"GET"; http_method; content:"/beast2122006/assignment/238415a963aab57f18fd2c2ef60995d7c0b39fe0/library.txt"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490409/; classtype:trojan-activity;sid:84353509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dertyom/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490350/; classtype:trojan-activity;sid:84353450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490349)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490349/; classtype:trojan-activity;sid:84353449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490313)"; flow:established,from_client; content:"GET"; http_method; content:"/kammywammyman/boyboy/main/chromeupdate.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490313/; classtype:trojan-activity;sid:84353413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490294)"; flow:established,from_client; content:"GET"; http_method; content:"/tacocat2222/materia-fivem/refs/heads/main/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490294/; classtype:trojan-activity;sid:84353394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490235)"; flow:established,from_client; content:"GET"; http_method; content:"/dl18"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490235/; classtype:trojan-activity;sid:84353335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489510)"; flow:established,from_client; content:"GET"; http_method; content:"/theus12324/roblox-appleware/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489510/; classtype:trojan-activity;sid:84352610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489509)"; flow:established,from_client; content:"GET"; http_method; content:"/aldenpogznet22/hamster-bot/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489509/; classtype:trojan-activity;sid:84352609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489505)"; flow:established,from_client; content:"GET"; http_method; content:"/azoresn/roblox-nihon/releases/download/v1.0/executor.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489505/; classtype:trojan-activity;sid:84352605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489507)"; flow:established,from_client; content:"GET"; http_method; content:"/jjgamerz123/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489507/; classtype:trojan-activity;sid:84352607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489508)"; flow:established,from_client; content:"GET"; http_method; content:"/worakom99/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489508/; classtype:trojan-activity;sid:84352608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489502)"; flow:established,from_client; content:"GET"; http_method; content:"/thurynw/uoffice_library_uot/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489502/; classtype:trojan-activity;sid:84352602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489501)"; flow:established,from_client; content:"GET"; http_method; content:"/jamescarlzafra/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489501/; classtype:trojan-activity;sid:84352601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489474)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/duan1/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489474/; classtype:trojan-activity;sid:84352574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489476)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v1.0/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489476/; classtype:trojan-activity;sid:84352576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489478)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489478/; classtype:trojan-activity;sid:84352578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489479)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489479/; classtype:trojan-activity;sid:84352579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489480)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489480/; classtype:trojan-activity;sid:84352580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489481)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489481/; classtype:trojan-activity;sid:84352581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489471)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489471/; classtype:trojan-activity;sid:84352571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489472)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489472/; classtype:trojan-activity;sid:84352572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489473)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489473/; classtype:trojan-activity;sid:84352573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489466)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489466/; classtype:trojan-activity;sid:84352566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489467)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489467/; classtype:trojan-activity;sid:84352567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489465)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/bounceoff/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489465/; classtype:trojan-activity;sid:84352565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489455)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v1.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489455/; classtype:trojan-activity;sid:84352555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489456)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489456/; classtype:trojan-activity;sid:84352556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489457)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489457/; classtype:trojan-activity;sid:84352557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489458)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489458/; classtype:trojan-activity;sid:84352558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489459)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489459/; classtype:trojan-activity;sid:84352559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489461)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489461/; classtype:trojan-activity;sid:84352561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489463)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489463/; classtype:trojan-activity;sid:84352563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489464)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489464/; classtype:trojan-activity;sid:84352564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489451)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489451/; classtype:trojan-activity;sid:84352551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489452)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/collition-algorithm/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489452/; classtype:trojan-activity;sid:84352552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489428)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v2.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489428/; classtype:trojan-activity;sid:84352528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489440)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v1.0/application.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489440/; classtype:trojan-activity;sid:84352540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489411)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489411/; classtype:trojan-activity;sid:84352511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489407)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489407/; classtype:trojan-activity;sid:84352507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489369)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489369/; classtype:trojan-activity;sid:84352469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489370)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489370/; classtype:trojan-activity;sid:84352470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489373)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489373/; classtype:trojan-activity;sid:84352473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489375)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489375/; classtype:trojan-activity;sid:84352475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489380)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489380/; classtype:trojan-activity;sid:84352480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489382)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489382/; classtype:trojan-activity;sid:84352482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489383)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489383/; classtype:trojan-activity;sid:84352483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489385)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v1.0/release.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489385/; classtype:trojan-activity;sid:84352485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489386)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489386/; classtype:trojan-activity;sid:84352486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489367)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489367/; classtype:trojan-activity;sid:84352467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489333)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489333/; classtype:trojan-activity;sid:84352433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489336)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489336/; classtype:trojan-activity;sid:84352436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489339)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-database/front-end/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489339/; classtype:trojan-activity;sid:84352439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489340)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489340/; classtype:trojan-activity;sid:84352440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489330)"; flow:established,from_client; content:"GET"; http_method; content:"/tountolover/tountolover/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489330/; classtype:trojan-activity;sid:84352430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489331)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489331/; classtype:trojan-activity;sid:84352431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489310)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489310/; classtype:trojan-activity;sid:84352410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489313)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489313/; classtype:trojan-activity;sid:84352413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489314)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489314/; classtype:trojan-activity;sid:84352414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489315)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489315/; classtype:trojan-activity;sid:84352415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489317)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489317/; classtype:trojan-activity;sid:84352417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489307)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489307/; classtype:trojan-activity;sid:84352407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489308)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489308/; classtype:trojan-activity;sid:84352408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489300)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489300/; classtype:trojan-activity;sid:84352400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489303)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489303/; classtype:trojan-activity;sid:84352403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489272)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489272/; classtype:trojan-activity;sid:84352372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489274)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489274/; classtype:trojan-activity;sid:84352374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489275)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489275/; classtype:trojan-activity;sid:84352375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489280)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489280/; classtype:trojan-activity;sid:84352380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489284)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489284/; classtype:trojan-activity;sid:84352384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489288)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v1.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489288/; classtype:trojan-activity;sid:84352388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489266)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489266/; classtype:trojan-activity;sid:84352366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489265)"; flow:established,from_client; content:"GET"; http_method; content:"/hackslash-nitp/healthcare-web-page/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489265/; classtype:trojan-activity;sid:84352365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489263)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489263/; classtype:trojan-activity;sid:84352363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489264)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489264/; classtype:trojan-activity;sid:84352364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489244)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/confidencemedia.com/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489244/; classtype:trojan-activity;sid:84352344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489245)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489245/; classtype:trojan-activity;sid:84352345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489246)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489246/; classtype:trojan-activity;sid:84352346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489247)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489247/; classtype:trojan-activity;sid:84352347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489248)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489248/; classtype:trojan-activity;sid:84352348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489249)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/domu/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489249/; classtype:trojan-activity;sid:84352349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489250)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489250/; classtype:trojan-activity;sid:84352350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489251)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489251/; classtype:trojan-activity;sid:84352351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489252)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v1.0/application.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489252/; classtype:trojan-activity;sid:84352352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489253)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489253/; classtype:trojan-activity;sid:84352353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489254)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489254/; classtype:trojan-activity;sid:84352354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489255)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489255/; classtype:trojan-activity;sid:84352355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489256)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489256/; classtype:trojan-activity;sid:84352356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489257)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489257/; classtype:trojan-activity;sid:84352357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489258)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489258/; classtype:trojan-activity;sid:84352358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489260)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489260/; classtype:trojan-activity;sid:84352360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489261)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489261/; classtype:trojan-activity;sid:84352361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489262)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/final/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489262/; classtype:trojan-activity;sid:84352362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489230)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489230/; classtype:trojan-activity;sid:84352330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489231)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489231/; classtype:trojan-activity;sid:84352331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489232)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489232/; classtype:trojan-activity;sid:84352332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489234)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489234/; classtype:trojan-activity;sid:84352334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489235)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489235/; classtype:trojan-activity;sid:84352335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489237)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/ranksshow/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489237/; classtype:trojan-activity;sid:84352337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489239)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489239/; classtype:trojan-activity;sid:84352339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489240)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489240/; classtype:trojan-activity;sid:84352340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489241)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489241/; classtype:trojan-activity;sid:84352341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489242)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489242/; classtype:trojan-activity;sid:84352342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489243)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489243/; classtype:trojan-activity;sid:84352343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489227)"; flow:established,from_client; content:"GET"; http_method; content:"/ambassadorscoders/togonon_motiv.poster/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489227/; classtype:trojan-activity;sid:84352327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489228)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489228/; classtype:trojan-activity;sid:84352328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489213)"; flow:established,from_client; content:"GET"; http_method; content:"/sriramapriyan/medicinal-plants-classification/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489213/; classtype:trojan-activity;sid:84352313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489214)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/12-03assignment/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489214/; classtype:trojan-activity;sid:84352314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489215)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/nucleus/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489215/; classtype:trojan-activity;sid:84352315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489218)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/eltrapico2/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489218/; classtype:trojan-activity;sid:84352318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489219)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/amazon/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489219/; classtype:trojan-activity;sid:84352319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489220)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/land/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489220/; classtype:trojan-activity;sid:84352320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489205)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/fri-app/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489205/; classtype:trojan-activity;sid:84352305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489206)"; flow:established,from_client; content:"GET"; http_method; content:"/essa1212/aku/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489206/; classtype:trojan-activity;sid:84352306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489207)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/ecommerce/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489207/; classtype:trojan-activity;sid:84352307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489210)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/90-days-dsa-challenges/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489210/; classtype:trojan-activity;sid:84352310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489211)"; flow:established,from_client; content:"GET"; http_method; content:"/student-chicken/fit-track-goal-progress/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489211/; classtype:trojan-activity;sid:84352311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489212)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/resume/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489212/; classtype:trojan-activity;sid:84352312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489202)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/movie/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489202/; classtype:trojan-activity;sid:84352302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489203)"; flow:established,from_client; content:"GET"; http_method; content:"/vernaloqui/farmer-shubreact/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489203/; classtype:trojan-activity;sid:84352303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489177)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489177/; classtype:trojan-activity;sid:84352277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489178)"; flow:established,from_client; content:"GET"; http_method; content:"/djmuro4ever/personal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489178/; classtype:trojan-activity;sid:84352278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489179)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489179/; classtype:trojan-activity;sid:84352279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489176)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/99monisha/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489176/; classtype:trojan-activity;sid:84352276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489173)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489173/; classtype:trojan-activity;sid:84352273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489175)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/deploy-admin/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489175/; classtype:trojan-activity;sid:84352275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489166)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/manuxing/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489166/; classtype:trojan-activity;sid:84352266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489167)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/protfolio-design/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489167/; classtype:trojan-activity;sid:84352267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489168)"; flow:established,from_client; content:"GET"; http_method; content:"/neko-emon/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489168/; classtype:trojan-activity;sid:84352268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489169)"; flow:established,from_client; content:"GET"; http_method; content:"/ggjgjghggvc/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489169/; classtype:trojan-activity;sid:84352269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489170)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489170/; classtype:trojan-activity;sid:84352270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489171)"; flow:established,from_client; content:"GET"; http_method; content:"/matimazzia/worldgame-web/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489171/; classtype:trojan-activity;sid:84352271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489172)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489172/; classtype:trojan-activity;sid:84352272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489164)"; flow:established,from_client; content:"GET"; http_method; content:"/evil-cyber65/prem-ig/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489164/; classtype:trojan-activity;sid:84352264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489165)"; flow:established,from_client; content:"GET"; http_method; content:"/hannah20190/fixing-error-d3dx9-43-dll/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489165/; classtype:trojan-activity;sid:84352265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489153)"; flow:established,from_client; content:"GET"; http_method; content:"/anas200321/kernel-memory-reading-writing/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489153/; classtype:trojan-activity;sid:84352253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489154)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489154/; classtype:trojan-activity;sid:84352254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489155)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489155/; classtype:trojan-activity;sid:84352255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489156)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489156/; classtype:trojan-activity;sid:84352256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489157)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489157/; classtype:trojan-activity;sid:84352257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489147)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489147/; classtype:trojan-activity;sid:84352247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489148)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489148/; classtype:trojan-activity;sid:84352248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489149)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489149/; classtype:trojan-activity;sid:84352249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489150)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489150/; classtype:trojan-activity;sid:84352250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489151)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489151/; classtype:trojan-activity;sid:84352251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489152)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489152/; classtype:trojan-activity;sid:84352252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489146)"; flow:established,from_client; content:"GET"; http_method; content:"/jorgegael5/tos/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489146/; classtype:trojan-activity;sid:84352246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489144)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489144/; classtype:trojan-activity;sid:84352244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489145)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489145/; classtype:trojan-activity;sid:84352245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489123)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraspro/snake-fruit-game-asmr/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489123/; classtype:trojan-activity;sid:84352223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489124)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrobot0404/the-wild-oasis/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489124/; classtype:trojan-activity;sid:84352224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489125)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrobot0404/the-wild-oasis/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489125/; classtype:trojan-activity;sid:84352225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489126)"; flow:established,from_client; content:"GET"; http_method; content:"/guest0689/flutter-starter-app/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489126/; classtype:trojan-activity;sid:84352226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489127)"; flow:established,from_client; content:"GET"; http_method; content:"/drankrych/fakebtcsend/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489127/; classtype:trojan-activity;sid:84352227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489128)"; flow:established,from_client; content:"GET"; http_method; content:"/atom3dx/array-base-scatter-filled/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489128/; classtype:trojan-activity;sid:84352228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489129)"; flow:established,from_client; content:"GET"; http_method; content:"/bluecheatah123/apex/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489129/; classtype:trojan-activity;sid:84352229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489131)"; flow:established,from_client; content:"GET"; http_method; content:"/lethanhdat0403/earnorm/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489131/; classtype:trojan-activity;sid:84352231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489132)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489132/; classtype:trojan-activity;sid:84352232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489133)"; flow:established,from_client; content:"GET"; http_method; content:"/grahgrahboom/myportfolio/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489133/; classtype:trojan-activity;sid:84352233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489135)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489135/; classtype:trojan-activity;sid:84352235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489137)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489137/; classtype:trojan-activity;sid:84352237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489138)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489138/; classtype:trojan-activity;sid:84352238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489115)"; flow:established,from_client; content:"GET"; http_method; content:"/brabaoeu/powershell_httpserver/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489115/; classtype:trojan-activity;sid:84352215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489116)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489116/; classtype:trojan-activity;sid:84352216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489117)"; flow:established,from_client; content:"GET"; http_method; content:"/speedwalker48700/snu_2d_programmingtools_ide_nwscript/releases/download/v2.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489117/; classtype:trojan-activity;sid:84352217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489118)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489118/; classtype:trojan-activity;sid:84352218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489119)"; flow:established,from_client; content:"GET"; http_method; content:"/tamiur2011/cors-proxy-server-employee-api/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489119/; classtype:trojan-activity;sid:84352219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489120)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489120/; classtype:trojan-activity;sid:84352220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489121)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489121/; classtype:trojan-activity;sid:84352221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489122)"; flow:established,from_client; content:"GET"; http_method; content:"/austinxsome/key-clicker/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489122/; classtype:trojan-activity;sid:84352222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489105)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489105/; classtype:trojan-activity;sid:84352205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489106)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489106/; classtype:trojan-activity;sid:84352206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489107)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489107/; classtype:trojan-activity;sid:84352207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489108)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489108/; classtype:trojan-activity;sid:84352208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489098)"; flow:established,from_client; content:"GET"; http_method; content:"/juliocesarmara/emojico/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489098/; classtype:trojan-activity;sid:84352198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489099)"; flow:established,from_client; content:"GET"; http_method; content:"/pop144615/wmpignore/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489099/; classtype:trojan-activity;sid:84352199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489100)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489100/; classtype:trojan-activity;sid:84352200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489104)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489104/; classtype:trojan-activity;sid:84352204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489097)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489097/; classtype:trojan-activity;sid:84352197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489094)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489094/; classtype:trojan-activity;sid:84352194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489095)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489095/; classtype:trojan-activity;sid:84352195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489090)"; flow:established,from_client; content:"GET"; http_method; content:"/lilanders123/act/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489090/; classtype:trojan-activity;sid:84352190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489088)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489088/; classtype:trojan-activity;sid:84352188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489089)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489089/; classtype:trojan-activity;sid:84352189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489077)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489077/; classtype:trojan-activity;sid:84352177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489078)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489078/; classtype:trojan-activity;sid:84352178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489080)"; flow:established,from_client; content:"GET"; http_method; content:"/tiago1237/react-cooking-ninja/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489080/; classtype:trojan-activity;sid:84352180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489081)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489081/; classtype:trojan-activity;sid:84352181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489082)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489082/; classtype:trojan-activity;sid:84352182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489083)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489083/; classtype:trojan-activity;sid:84352183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489085)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489085/; classtype:trojan-activity;sid:84352185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489086)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489086/; classtype:trojan-activity;sid:84352186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489087)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489087/; classtype:trojan-activity;sid:84352187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489073)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489073/; classtype:trojan-activity;sid:84352173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489074)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489074/; classtype:trojan-activity;sid:84352174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489075)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489075/; classtype:trojan-activity;sid:84352175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489076)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489076/; classtype:trojan-activity;sid:84352176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489063)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489063/; classtype:trojan-activity;sid:84352163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489054)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v1.0/program.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489054/; classtype:trojan-activity;sid:84352154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489055)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489055/; classtype:trojan-activity;sid:84352155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489056)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489056/; classtype:trojan-activity;sid:84352156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489058)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489058/; classtype:trojan-activity;sid:84352158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489059)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489059/; classtype:trojan-activity;sid:84352159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489060)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489060/; classtype:trojan-activity;sid:84352160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489061)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489061/; classtype:trojan-activity;sid:84352161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489051)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v1.0/program.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489051/; classtype:trojan-activity;sid:84352151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489052)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489052/; classtype:trojan-activity;sid:84352152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489049)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489049/; classtype:trojan-activity;sid:84352149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489050)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489050/; classtype:trojan-activity;sid:84352150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489046)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489046/; classtype:trojan-activity;sid:84352146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489047)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489047/; classtype:trojan-activity;sid:84352147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489042)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v1.0/program.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489042/; classtype:trojan-activity;sid:84352142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489043)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489043/; classtype:trojan-activity;sid:84352143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489041)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489041/; classtype:trojan-activity;sid:84352141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489031)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489031/; classtype:trojan-activity;sid:84352131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489032)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v1.0/application.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489032/; classtype:trojan-activity;sid:84352132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489034)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489034/; classtype:trojan-activity;sid:84352134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489035)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v1.0.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489035/; classtype:trojan-activity;sid:84352135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489036)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v1.0/application.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489036/; classtype:trojan-activity;sid:84352136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489038)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489038/; classtype:trojan-activity;sid:84352138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489039)"; flow:established,from_client; content:"GET"; http_method; content:"/2jzlove/property-portfolio-forecaster/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489039/; classtype:trojan-activity;sid:84352139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489040)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489040/; classtype:trojan-activity;sid:84352140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489026)"; flow:established,from_client; content:"GET"; http_method; content:"/2jzlove/property-portfolio-forecaster/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489026/; classtype:trojan-activity;sid:84352126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489027)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489027/; classtype:trojan-activity;sid:84352127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489028)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v2.0/software.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489028/; classtype:trojan-activity;sid:84352128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489029)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489029/; classtype:trojan-activity;sid:84352129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489025)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489025/; classtype:trojan-activity;sid:84352125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489020)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489020/; classtype:trojan-activity;sid:84352120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488996)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488996/; classtype:trojan-activity;sid:84352096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488997)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v1.0/release.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488997/; classtype:trojan-activity;sid:84352097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488998)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v2.0/software.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488998/; classtype:trojan-activity;sid:84352098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488999)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v2.0/software.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488999/; classtype:trojan-activity;sid:84352099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489000)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v1.0/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489000/; classtype:trojan-activity;sid:84352100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489001)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v1.0/release.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489001/; classtype:trojan-activity;sid:84352101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489002)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v1.0/release.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489002/; classtype:trojan-activity;sid:84352102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489003)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489003/; classtype:trojan-activity;sid:84352103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489004)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489004/; classtype:trojan-activity;sid:84352104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489005)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489005/; classtype:trojan-activity;sid:84352105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489006)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489006/; classtype:trojan-activity;sid:84352106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489007)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489007/; classtype:trojan-activity;sid:84352107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489008)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v1.0/release.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489008/; classtype:trojan-activity;sid:84352108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489009)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489009/; classtype:trojan-activity;sid:84352109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489010)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489010/; classtype:trojan-activity;sid:84352110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489011)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489011/; classtype:trojan-activity;sid:84352111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489012)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489012/; classtype:trojan-activity;sid:84352112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489013)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489013/; classtype:trojan-activity;sid:84352113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489014)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v2.0/software.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489014/; classtype:trojan-activity;sid:84352114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489015)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489015/; classtype:trojan-activity;sid:84352115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489016)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v1.0/release.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489016/; classtype:trojan-activity;sid:84352116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488992)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/application.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488992/; classtype:trojan-activity;sid:84352092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488993)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488993/; classtype:trojan-activity;sid:84352093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488994)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488994/; classtype:trojan-activity;sid:84352094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488995)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488995/; classtype:trojan-activity;sid:84352095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488989)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v2.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488989/; classtype:trojan-activity;sid:84352089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488990)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488990/; classtype:trojan-activity;sid:84352090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488983)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v1.0/release.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488983/; classtype:trojan-activity;sid:84352083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488985)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v1.0/soft.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488985/; classtype:trojan-activity;sid:84352085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488986)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v2.0/software.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488986/; classtype:trojan-activity;sid:84352086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488987)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/program.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488987/; classtype:trojan-activity;sid:84352087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488988)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488988/; classtype:trojan-activity;sid:84352088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488964)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488964/; classtype:trojan-activity;sid:84352064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488966)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488966/; classtype:trojan-activity;sid:84352066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488967)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488967/; classtype:trojan-activity;sid:84352067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488968)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v1.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488968/; classtype:trojan-activity;sid:84352068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488969)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v1.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488969/; classtype:trojan-activity;sid:84352069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488970)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488970/; classtype:trojan-activity;sid:84352070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488971)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488971/; classtype:trojan-activity;sid:84352071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488973)"; flow:established,from_client; content:"GET"; http_method; content:"/brunoesmael/cot_proxy/releases/download/v1.0/release.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488973/; classtype:trojan-activity;sid:84352073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488974)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488974/; classtype:trojan-activity;sid:84352074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488975)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v1.0/release_x64.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488975/; classtype:trojan-activity;sid:84352075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488976)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488976/; classtype:trojan-activity;sid:84352076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488961)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v1.0/release_x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488961/; classtype:trojan-activity;sid:84352061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488962)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488962/; classtype:trojan-activity;sid:84352062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488963)"; flow:established,from_client; content:"GET"; http_method; content:"/brunoesmael/cot_proxy/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488963/; classtype:trojan-activity;sid:84352063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488958)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v1.0/release_x64.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488958/; classtype:trojan-activity;sid:84352058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488959)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488959/; classtype:trojan-activity;sid:84352059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488949)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v1.0/release_x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488949/; classtype:trojan-activity;sid:84352049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488950)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v1.0/release_x64.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488950/; classtype:trojan-activity;sid:84352050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488940)"; flow:established,from_client; content:"GET"; http_method; content:"/finn9633/batchgenie/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488940/; classtype:trojan-activity;sid:84352040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488941)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488941/; classtype:trojan-activity;sid:84352041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488942)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v1.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488942/; classtype:trojan-activity;sid:84352042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488943)"; flow:established,from_client; content:"GET"; http_method; content:"/rakkunsatura/p.e.n.i.s./releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488943/; classtype:trojan-activity;sid:84352043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488944)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488944/; classtype:trojan-activity;sid:84352044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488945)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v1.0/release_x64.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488945/; classtype:trojan-activity;sid:84352045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488946)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488946/; classtype:trojan-activity;sid:84352046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488939)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488939/; classtype:trojan-activity;sid:84352039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488926)"; flow:established,from_client; content:"GET"; http_method; content:"/t7dela/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488926/; classtype:trojan-activity;sid:84352026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488927)"; flow:established,from_client; content:"GET"; http_method; content:"/danblox669/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488927/; classtype:trojan-activity;sid:84352027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488904)"; flow:established,from_client; content:"GET"; http_method; content:"/ahvaitomanocuvai/shadcn-tour/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488904/; classtype:trojan-activity;sid:84352004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488905)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488905/; classtype:trojan-activity;sid:84352005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488908)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488908/; classtype:trojan-activity;sid:84352008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488909)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488909/; classtype:trojan-activity;sid:84352009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488910)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488910/; classtype:trojan-activity;sid:84352010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488912)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488912/; classtype:trojan-activity;sid:84352012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488914)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488914/; classtype:trojan-activity;sid:84352014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488915)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488915/; classtype:trojan-activity;sid:84352015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488916)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488916/; classtype:trojan-activity;sid:84352016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488918)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488918/; classtype:trojan-activity;sid:84352018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488919)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488919/; classtype:trojan-activity;sid:84352019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488920)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488920/; classtype:trojan-activity;sid:84352020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488921)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488921/; classtype:trojan-activity;sid:84352021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488903)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488903/; classtype:trojan-activity;sid:84352003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488892)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488892/; classtype:trojan-activity;sid:84351992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488893)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488893/; classtype:trojan-activity;sid:84351993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488894)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488894/; classtype:trojan-activity;sid:84351994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488895)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488895/; classtype:trojan-activity;sid:84351995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488896)"; flow:established,from_client; content:"GET"; http_method; content:"/fallidox/varzesh3/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488896/; classtype:trojan-activity;sid:84351996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488897)"; flow:established,from_client; content:"GET"; http_method; content:"/itallo1122/csharp-devcontainer-template/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488897/; classtype:trojan-activity;sid:84351997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488898)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488898/; classtype:trojan-activity;sid:84351998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488891)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v2.0/release_x64.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488891/; classtype:trojan-activity;sid:84351991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488890)"; flow:established,from_client; content:"GET"; http_method; content:"/samix151210/ndarray-base-normalize-indices/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488890/; classtype:trojan-activity;sid:84351990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488883)"; flow:established,from_client; content:"GET"; http_method; content:"/kirukazuma/react-ulbitv/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488883/; classtype:trojan-activity;sid:84351983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488884)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488884/; classtype:trojan-activity;sid:84351984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488881)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488881/; classtype:trojan-activity;sid:84351981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488880)"; flow:established,from_client; content:"GET"; http_method; content:"/asdadadsaasdsadas991/database-project/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488880/; classtype:trojan-activity;sid:84351980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488872)"; flow:established,from_client; content:"GET"; http_method; content:"/jonatanelmaspro2023/ailert-nextjs/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488872/; classtype:trojan-activity;sid:84351972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488873)"; flow:established,from_client; content:"GET"; http_method; content:"/hyuki875/transformers/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488873/; classtype:trojan-activity;sid:84351973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488874)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488874/; classtype:trojan-activity;sid:84351974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488875)"; flow:established,from_client; content:"GET"; http_method; content:"/tinhuynh123/secluded/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488875/; classtype:trojan-activity;sid:84351975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488877)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenquy19/fit-track-goals-app/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488877/; classtype:trojan-activity;sid:84351977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488879)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488879/; classtype:trojan-activity;sid:84351979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488867)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488867/; classtype:trojan-activity;sid:84351967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488868)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488868/; classtype:trojan-activity;sid:84351968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488869)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488869/; classtype:trojan-activity;sid:84351969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488870)"; flow:established,from_client; content:"GET"; http_method; content:"/dandygamer198981/bliss_browser_mint/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488870/; classtype:trojan-activity;sid:84351970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488865)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488865/; classtype:trojan-activity;sid:84351965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488866)"; flow:established,from_client; content:"GET"; http_method; content:"/charles100000/twitch-clone/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488866/; classtype:trojan-activity;sid:84351966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488863)"; flow:established,from_client; content:"GET"; http_method; content:"/ligdeezznuts/bliss_browser_jcl/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488863/; classtype:trojan-activity;sid:84351963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488857)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488857/; classtype:trojan-activity;sid:84351957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488845)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488845/; classtype:trojan-activity;sid:84351945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488848)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488848/; classtype:trojan-activity;sid:84351948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488849)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488849/; classtype:trojan-activity;sid:84351949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488850)"; flow:established,from_client; content:"GET"; http_method; content:"/kleteee/injectra/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488850/; classtype:trojan-activity;sid:84351950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488851)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed2006-cmd/carrepairreservationsystem-loginpage/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488851/; classtype:trojan-activity;sid:84351951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488852)"; flow:established,from_client; content:"GET"; http_method; content:"/thalik330/bliss_browser_jison-lex/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488852/; classtype:trojan-activity;sid:84351952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488854)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488854/; classtype:trojan-activity;sid:84351954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488855)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488855/; classtype:trojan-activity;sid:84351955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488841)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488841/; classtype:trojan-activity;sid:84351941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488842)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488842/; classtype:trojan-activity;sid:84351942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488843)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488843/; classtype:trojan-activity;sid:84351943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488840)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488840/; classtype:trojan-activity;sid:84351940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488839)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488839/; classtype:trojan-activity;sid:84351939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488835)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488835/; classtype:trojan-activity;sid:84351935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488837)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488837/; classtype:trojan-activity;sid:84351937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488831)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488831/; classtype:trojan-activity;sid:84351931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488832)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488832/; classtype:trojan-activity;sid:84351932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488833)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488833/; classtype:trojan-activity;sid:84351933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488826)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488826/; classtype:trojan-activity;sid:84351926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488827)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488827/; classtype:trojan-activity;sid:84351927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488828)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488828/; classtype:trojan-activity;sid:84351928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488829)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488829/; classtype:trojan-activity;sid:84351929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488819)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488819/; classtype:trojan-activity;sid:84351919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488821)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488821/; classtype:trojan-activity;sid:84351921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488822)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488822/; classtype:trojan-activity;sid:84351922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488797)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488797/; classtype:trojan-activity;sid:84351897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488798)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488798/; classtype:trojan-activity;sid:84351898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488799)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488799/; classtype:trojan-activity;sid:84351899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488800)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488800/; classtype:trojan-activity;sid:84351900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488802)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488802/; classtype:trojan-activity;sid:84351902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488804)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488804/; classtype:trojan-activity;sid:84351904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488806)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488806/; classtype:trojan-activity;sid:84351906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488787)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488787/; classtype:trojan-activity;sid:84351887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488793)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488793/; classtype:trojan-activity;sid:84351893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488794)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488794/; classtype:trojan-activity;sid:84351894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488795)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488795/; classtype:trojan-activity;sid:84351895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488781)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488781/; classtype:trojan-activity;sid:84351881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488770)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488770/; classtype:trojan-activity;sid:84351870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488771)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488771/; classtype:trojan-activity;sid:84351871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488778)"; flow:established,from_client; content:"GET"; http_method; content:"/sickclaymaker/text-processing-tool/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488778/; classtype:trojan-activity;sid:84351878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488779)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488779/; classtype:trojan-activity;sid:84351879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488780)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v1.0.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488780/; classtype:trojan-activity;sid:84351880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488768)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488768/; classtype:trojan-activity;sid:84351868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488769)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488769/; classtype:trojan-activity;sid:84351869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488764)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488764/; classtype:trojan-activity;sid:84351864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488765)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v1.0.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488765/; classtype:trojan-activity;sid:84351865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488758)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488758/; classtype:trojan-activity;sid:84351858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488760)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v1.0/program.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488760/; classtype:trojan-activity;sid:84351860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488763)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488763/; classtype:trojan-activity;sid:84351863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488757)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488757/; classtype:trojan-activity;sid:84351857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488755)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v1.0/application.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488755/; classtype:trojan-activity;sid:84351855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488746)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v2.0/software.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488746/; classtype:trojan-activity;sid:84351846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488747)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488747/; classtype:trojan-activity;sid:84351847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488748)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488748/; classtype:trojan-activity;sid:84351848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488749)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v1.0/application.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488749/; classtype:trojan-activity;sid:84351849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488751)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v1.0/soft.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488751/; classtype:trojan-activity;sid:84351851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488752)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488752/; classtype:trojan-activity;sid:84351852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488753)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488753/; classtype:trojan-activity;sid:84351853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488754)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488754/; classtype:trojan-activity;sid:84351854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488745)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488745/; classtype:trojan-activity;sid:84351845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488729)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488729/; classtype:trojan-activity;sid:84351829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488730)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488730/; classtype:trojan-activity;sid:84351830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488731)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v2.0/software.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488731/; classtype:trojan-activity;sid:84351831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488732)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488732/; classtype:trojan-activity;sid:84351832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488733)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488733/; classtype:trojan-activity;sid:84351833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488734)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v1.0/release.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488734/; classtype:trojan-activity;sid:84351834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488735)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v1.0/program.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488735/; classtype:trojan-activity;sid:84351835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488736)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488736/; classtype:trojan-activity;sid:84351836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488737)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488737/; classtype:trojan-activity;sid:84351837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488738)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488738/; classtype:trojan-activity;sid:84351838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488739)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488739/; classtype:trojan-activity;sid:84351839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488740)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488740/; classtype:trojan-activity;sid:84351840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488741)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v1.0/release.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488741/; classtype:trojan-activity;sid:84351841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488742)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488742/; classtype:trojan-activity;sid:84351842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488725)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488725/; classtype:trojan-activity;sid:84351825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488726)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/application.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488726/; classtype:trojan-activity;sid:84351826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488727)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488727/; classtype:trojan-activity;sid:84351827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488728)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v2.0/software.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488728/; classtype:trojan-activity;sid:84351828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488722)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v1.0/program.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488722/; classtype:trojan-activity;sid:84351822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488723)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488723/; classtype:trojan-activity;sid:84351823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488724)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/program.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488724/; classtype:trojan-activity;sid:84351824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488721)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488721/; classtype:trojan-activity;sid:84351821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488720)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/program.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488720/; classtype:trojan-activity;sid:84351820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488711)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488711/; classtype:trojan-activity;sid:84351811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488712)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488712/; classtype:trojan-activity;sid:84351812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488713)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488713/; classtype:trojan-activity;sid:84351813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488714)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v1.0/program.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488714/; classtype:trojan-activity;sid:84351814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488715)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488715/; classtype:trojan-activity;sid:84351815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488716)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488716/; classtype:trojan-activity;sid:84351816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488717)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488717/; classtype:trojan-activity;sid:84351817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488705)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488705/; classtype:trojan-activity;sid:84351805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488706)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488706/; classtype:trojan-activity;sid:84351806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488708)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/application.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488708/; classtype:trojan-activity;sid:84351808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488709)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488709/; classtype:trojan-activity;sid:84351809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488710)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488710/; classtype:trojan-activity;sid:84351810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488702)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488702/; classtype:trojan-activity;sid:84351802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488703)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v2.0/software.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488703/; classtype:trojan-activity;sid:84351803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488704)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488704/; classtype:trojan-activity;sid:84351804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488700)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488700/; classtype:trojan-activity;sid:84351800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488699)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/program.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488699/; classtype:trojan-activity;sid:84351799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488697)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488697/; classtype:trojan-activity;sid:84351797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488684)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488684/; classtype:trojan-activity;sid:84351784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488685)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v1.0/soft.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488685/; classtype:trojan-activity;sid:84351785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488686)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488686/; classtype:trojan-activity;sid:84351786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488687)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v1.0/soft.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488687/; classtype:trojan-activity;sid:84351787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488688)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488688/; classtype:trojan-activity;sid:84351788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488689)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v1.0.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488689/; classtype:trojan-activity;sid:84351789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488690)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488690/; classtype:trojan-activity;sid:84351790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488691)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488691/; classtype:trojan-activity;sid:84351791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488692)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488692/; classtype:trojan-activity;sid:84351792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488693)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488693/; classtype:trojan-activity;sid:84351793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488694)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488694/; classtype:trojan-activity;sid:84351794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488695)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488695/; classtype:trojan-activity;sid:84351795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488696)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488696/; classtype:trojan-activity;sid:84351796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488680)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488680/; classtype:trojan-activity;sid:84351780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488681)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488681/; classtype:trojan-activity;sid:84351781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488682)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488682/; classtype:trojan-activity;sid:84351782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488683)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488683/; classtype:trojan-activity;sid:84351783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488679)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488679/; classtype:trojan-activity;sid:84351779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488678)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488678/; classtype:trojan-activity;sid:84351778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488671)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488671/; classtype:trojan-activity;sid:84351771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488672)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488672/; classtype:trojan-activity;sid:84351772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488673)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488673/; classtype:trojan-activity;sid:84351773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488674)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488674/; classtype:trojan-activity;sid:84351774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488663)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488663/; classtype:trojan-activity;sid:84351763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488665)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488665/; classtype:trojan-activity;sid:84351765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488666)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488666/; classtype:trojan-activity;sid:84351766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488667)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488667/; classtype:trojan-activity;sid:84351767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488669)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v1.0/application.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488669/; classtype:trojan-activity;sid:84351769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488659)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488659/; classtype:trojan-activity;sid:84351759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488661)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v1.0/application.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488661/; classtype:trojan-activity;sid:84351761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488658)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488658/; classtype:trojan-activity;sid:84351758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488657)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488657/; classtype:trojan-activity;sid:84351757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488656)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488656/; classtype:trojan-activity;sid:84351756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488644)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488644/; classtype:trojan-activity;sid:84351744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488647)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488647/; classtype:trojan-activity;sid:84351747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488648)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488648/; classtype:trojan-activity;sid:84351748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488649)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488649/; classtype:trojan-activity;sid:84351749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488651)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488651/; classtype:trojan-activity;sid:84351751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488652)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488652/; classtype:trojan-activity;sid:84351752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488654)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488654/; classtype:trojan-activity;sid:84351754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488642)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488642/; classtype:trojan-activity;sid:84351742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488643)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488643/; classtype:trojan-activity;sid:84351743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488636)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488636/; classtype:trojan-activity;sid:84351736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488637)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488637/; classtype:trojan-activity;sid:84351737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488638)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488638/; classtype:trojan-activity;sid:84351738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488630)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488630/; classtype:trojan-activity;sid:84351730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488631)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip/"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488631/; classtype:trojan-activity;sid:84351731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488632)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488632/; classtype:trojan-activity;sid:84351732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488633)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488633/; classtype:trojan-activity;sid:84351733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488634)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488634/; classtype:trojan-activity;sid:84351734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488620)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488620/; classtype:trojan-activity;sid:84351720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488627)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488627/; classtype:trojan-activity;sid:84351727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488618)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488618/; classtype:trojan-activity;sid:84351718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488616)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488616/; classtype:trojan-activity;sid:84351716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488597)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488597/; classtype:trojan-activity;sid:84351697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488599)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488599/; classtype:trojan-activity;sid:84351699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488601)"; flow:established,from_client; content:"GET"; http_method; content:"/desarrolladorsoftwarejr/office-2024/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488601/; classtype:trojan-activity;sid:84351701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488602)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488602/; classtype:trojan-activity;sid:84351702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488605)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488605/; classtype:trojan-activity;sid:84351705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488606)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488606/; classtype:trojan-activity;sid:84351706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488608)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488608/; classtype:trojan-activity;sid:84351708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488609)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488609/; classtype:trojan-activity;sid:84351709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488610)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488610/; classtype:trojan-activity;sid:84351710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488614)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488614/; classtype:trojan-activity;sid:84351714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488615)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488615/; classtype:trojan-activity;sid:84351715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488595)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488595/; classtype:trojan-activity;sid:84351695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488590)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488590/; classtype:trojan-activity;sid:84351690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488582)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488582/; classtype:trojan-activity;sid:84351682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488585)"; flow:established,from_client; content:"GET"; http_method; content:"/obaniissnek/earlycascade/releases/download/v2.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488585/; classtype:trojan-activity;sid:84351685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488587)"; flow:established,from_client; content:"GET"; http_method; content:"/fufulooky/life.html/releases/download/v2.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488587/; classtype:trojan-activity;sid:84351687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488566)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488566/; classtype:trojan-activity;sid:84351666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488567)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488567/; classtype:trojan-activity;sid:84351667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488573)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488573/; classtype:trojan-activity;sid:84351673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488574)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488574/; classtype:trojan-activity;sid:84351674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488575)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488575/; classtype:trojan-activity;sid:84351675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488580)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488580/; classtype:trojan-activity;sid:84351680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488581)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488581/; classtype:trojan-activity;sid:84351681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488547)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488547/; classtype:trojan-activity;sid:84351647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488548)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488548/; classtype:trojan-activity;sid:84351648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488549)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488549/; classtype:trojan-activity;sid:84351649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488550)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488550/; classtype:trojan-activity;sid:84351650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488552)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488552/; classtype:trojan-activity;sid:84351652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488554)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488554/; classtype:trojan-activity;sid:84351654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488555)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488555/; classtype:trojan-activity;sid:84351655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488557)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488557/; classtype:trojan-activity;sid:84351657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488533)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488533/; classtype:trojan-activity;sid:84351633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488537)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488537/; classtype:trojan-activity;sid:84351637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488541)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488541/; classtype:trojan-activity;sid:84351641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488543)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488543/; classtype:trojan-activity;sid:84351643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488545)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488545/; classtype:trojan-activity;sid:84351645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488511)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488511/; classtype:trojan-activity;sid:84351611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488514)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488514/; classtype:trojan-activity;sid:84351614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488505)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488505/; classtype:trojan-activity;sid:84351605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488476)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488476/; classtype:trojan-activity;sid:84351576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488477)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488477/; classtype:trojan-activity;sid:84351577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488478)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488478/; classtype:trojan-activity;sid:84351578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488480)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488480/; classtype:trojan-activity;sid:84351580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488483)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488483/; classtype:trojan-activity;sid:84351583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488485)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488485/; classtype:trojan-activity;sid:84351585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488487)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488487/; classtype:trojan-activity;sid:84351587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488488)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488488/; classtype:trojan-activity;sid:84351588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488490)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488490/; classtype:trojan-activity;sid:84351590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488492)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488492/; classtype:trojan-activity;sid:84351592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488494)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488494/; classtype:trojan-activity;sid:84351594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488496)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488496/; classtype:trojan-activity;sid:84351596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488497)"; flow:established,from_client; content:"GET"; http_method; content:"/globalnewsory/layeredge-auto-bot/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488497/; classtype:trojan-activity;sid:84351597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488499)"; flow:established,from_client; content:"GET"; http_method; content:"/double-back/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488499/; classtype:trojan-activity;sid:84351599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488500)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488500/; classtype:trojan-activity;sid:84351600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488501)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488501/; classtype:trojan-activity;sid:84351601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488502)"; flow:established,from_client; content:"GET"; http_method; content:"/devofss/leadfinder-agent/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488502/; classtype:trojan-activity;sid:84351602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488470)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488470/; classtype:trojan-activity;sid:84351570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488471)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488471/; classtype:trojan-activity;sid:84351571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488472)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488472/; classtype:trojan-activity;sid:84351572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488473)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip/"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488473/; classtype:trojan-activity;sid:84351573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488460)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488460/; classtype:trojan-activity;sid:84351560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488439)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488439/; classtype:trojan-activity;sid:84351539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488440)"; flow:established,from_client; content:"GET"; http_method; content:"/lordsatanthenuker/discorduniverse/releases/download/v2.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488440/; classtype:trojan-activity;sid:84351540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488441)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488441/; classtype:trojan-activity;sid:84351541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488442)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488442/; classtype:trojan-activity;sid:84351542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488443)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488443/; classtype:trojan-activity;sid:84351543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488436)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488436/; classtype:trojan-activity;sid:84351536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488433)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488433/; classtype:trojan-activity;sid:84351533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488434)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488434/; classtype:trojan-activity;sid:84351534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488426)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488426/; classtype:trojan-activity;sid:84351526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488427)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488427/; classtype:trojan-activity;sid:84351527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488428)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488428/; classtype:trojan-activity;sid:84351528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488429)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488429/; classtype:trojan-activity;sid:84351529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488430)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488430/; classtype:trojan-activity;sid:84351530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488431)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488431/; classtype:trojan-activity;sid:84351531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488425)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488425/; classtype:trojan-activity;sid:84351525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488424)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488424/; classtype:trojan-activity;sid:84351524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488413)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488413/; classtype:trojan-activity;sid:84351513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488412)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488412/; classtype:trojan-activity;sid:84351512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488397)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488397/; classtype:trojan-activity;sid:84351497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488400)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488400/; classtype:trojan-activity;sid:84351500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488401)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488401/; classtype:trojan-activity;sid:84351501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488402)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488402/; classtype:trojan-activity;sid:84351502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488403)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488403/; classtype:trojan-activity;sid:84351503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488406)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488406/; classtype:trojan-activity;sid:84351506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488408)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488408/; classtype:trojan-activity;sid:84351508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488409)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488409/; classtype:trojan-activity;sid:84351509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488410)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488410/; classtype:trojan-activity;sid:84351510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488411)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488411/; classtype:trojan-activity;sid:84351511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488387)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488387/; classtype:trojan-activity;sid:84351487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488392)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488392/; classtype:trojan-activity;sid:84351492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488393)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488393/; classtype:trojan-activity;sid:84351493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488394)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488394/; classtype:trojan-activity;sid:84351494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488396)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488396/; classtype:trojan-activity;sid:84351496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488385)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488385/; classtype:trojan-activity;sid:84351485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488386)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488386/; classtype:trojan-activity;sid:84351486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488381)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488381/; classtype:trojan-activity;sid:84351481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488383)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488383/; classtype:trojan-activity;sid:84351483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488379)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488379/; classtype:trojan-activity;sid:84351479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488380)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488380/; classtype:trojan-activity;sid:84351480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488374)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488374/; classtype:trojan-activity;sid:84351474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488368)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488368/; classtype:trojan-activity;sid:84351468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488367)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488367/; classtype:trojan-activity;sid:84351467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488350/; classtype:trojan-activity;sid:84351450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488351)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488351/; classtype:trojan-activity;sid:84351451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488352)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488352/; classtype:trojan-activity;sid:84351452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488353)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488353/; classtype:trojan-activity;sid:84351453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488354)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488354/; classtype:trojan-activity;sid:84351454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488355)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488355/; classtype:trojan-activity;sid:84351455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488356)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488356/; classtype:trojan-activity;sid:84351456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488357)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488357/; classtype:trojan-activity;sid:84351457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488358)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488358/; classtype:trojan-activity;sid:84351458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488359)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488359/; classtype:trojan-activity;sid:84351459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488360)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488360/; classtype:trojan-activity;sid:84351460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488361)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488361/; classtype:trojan-activity;sid:84351461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488362)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488362/; classtype:trojan-activity;sid:84351462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488363)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488363/; classtype:trojan-activity;sid:84351463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488364)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488364/; classtype:trojan-activity;sid:84351464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488365)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488365/; classtype:trojan-activity;sid:84351465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488366)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488366/; classtype:trojan-activity;sid:84351466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488349)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488349/; classtype:trojan-activity;sid:84351449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488348)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488348/; classtype:trojan-activity;sid:84351448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488344)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedthegoat10/inklink/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488344/; classtype:trojan-activity;sid:84351444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488346)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488346/; classtype:trojan-activity;sid:84351446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488347)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488347/; classtype:trojan-activity;sid:84351447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488329)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488329/; classtype:trojan-activity;sid:84351429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488330)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488330/; classtype:trojan-activity;sid:84351430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488331)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v1.0/installer.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488331/; classtype:trojan-activity;sid:84351431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488333)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488333/; classtype:trojan-activity;sid:84351433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488334/; classtype:trojan-activity;sid:84351434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488335)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488335/; classtype:trojan-activity;sid:84351435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488336/; classtype:trojan-activity;sid:84351436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488337)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488337/; classtype:trojan-activity;sid:84351437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488339)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488339/; classtype:trojan-activity;sid:84351439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488341)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488341/; classtype:trojan-activity;sid:84351441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488343)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488343/; classtype:trojan-activity;sid:84351443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488325)"; flow:established,from_client; content:"GET"; http_method; content:"/yunichi/livekit-voice-ai-agent-setup/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488325/; classtype:trojan-activity;sid:84351425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488327)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488327/; classtype:trojan-activity;sid:84351427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488323)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488323/; classtype:trojan-activity;sid:84351423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488324)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488324/; classtype:trojan-activity;sid:84351424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488320)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488320/; classtype:trojan-activity;sid:84351420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488322)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v1.0/installer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488322/; classtype:trojan-activity;sid:84351422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488309)"; flow:established,from_client; content:"GET"; http_method; content:"/dianfauzi16/school-project/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488309/; classtype:trojan-activity;sid:84351409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488311)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v1.0/installer.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488311/; classtype:trojan-activity;sid:84351411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488312)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488312/; classtype:trojan-activity;sid:84351412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488314)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488314/; classtype:trojan-activity;sid:84351414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488305)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488305/; classtype:trojan-activity;sid:84351405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488306)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v1.0/installer.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488306/; classtype:trojan-activity;sid:84351406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488307)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488307/; classtype:trojan-activity;sid:84351407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488308)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488308/; classtype:trojan-activity;sid:84351408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488304)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488304/; classtype:trojan-activity;sid:84351404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488294)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488294/; classtype:trojan-activity;sid:84351394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488295)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488295/; classtype:trojan-activity;sid:84351395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488297)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488297/; classtype:trojan-activity;sid:84351397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488285)"; flow:established,from_client; content:"GET"; http_method; content:"/idk471/dmail_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488285/; classtype:trojan-activity;sid:84351385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488288)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v1.0/release.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488288/; classtype:trojan-activity;sid:84351388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488291)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488291/; classtype:trojan-activity;sid:84351391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488293)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v1.0/release.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488293/; classtype:trojan-activity;sid:84351393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488266)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488266/; classtype:trojan-activity;sid:84351366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488267)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v1.0/installer.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488267/; classtype:trojan-activity;sid:84351367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488268)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v1.0/installer.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488268/; classtype:trojan-activity;sid:84351368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488269)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488269/; classtype:trojan-activity;sid:84351369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488270)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488270/; classtype:trojan-activity;sid:84351370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488271)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488271/; classtype:trojan-activity;sid:84351371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488273)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488273/; classtype:trojan-activity;sid:84351373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488274)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488274/; classtype:trojan-activity;sid:84351374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488275)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488275/; classtype:trojan-activity;sid:84351375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488276)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488276/; classtype:trojan-activity;sid:84351376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488278)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488278/; classtype:trojan-activity;sid:84351378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488281)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488281/; classtype:trojan-activity;sid:84351381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488282)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v1.0/release.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488282/; classtype:trojan-activity;sid:84351382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488283)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488283/; classtype:trojan-activity;sid:84351383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488264)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488264/; classtype:trojan-activity;sid:84351364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488261)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488261/; classtype:trojan-activity;sid:84351361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488262)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488262/; classtype:trojan-activity;sid:84351362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488241)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488241/; classtype:trojan-activity;sid:84351341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488242)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488242/; classtype:trojan-activity;sid:84351342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488243)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488243/; classtype:trojan-activity;sid:84351343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488244)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/qeats/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488244/; classtype:trojan-activity;sid:84351344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488245)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488245/; classtype:trojan-activity;sid:84351345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488233)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488233/; classtype:trojan-activity;sid:84351333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488234)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488234/; classtype:trojan-activity;sid:84351334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488235)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488235/; classtype:trojan-activity;sid:84351335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488236)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488236/; classtype:trojan-activity;sid:84351336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488238)"; flow:established,from_client; content:"GET"; http_method; content:"/champtamutami/deepseek-azure-javascript/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488238/; classtype:trojan-activity;sid:84351338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488239)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488239/; classtype:trojan-activity;sid:84351339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488229)"; flow:established,from_client; content:"GET"; http_method; content:"/rieeeerieeee/understanding-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488229/; classtype:trojan-activity;sid:84351329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488230)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488230/; classtype:trojan-activity;sid:84351330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488214)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito1110/licenses/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488214/; classtype:trojan-activity;sid:84351314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488213)"; flow:established,from_client; content:"GET"; http_method; content:"/vsparedes/pycalc/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488213/; classtype:trojan-activity;sid:84351313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488207)"; flow:established,from_client; content:"GET"; http_method; content:"/egejuniyors/parvanota/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488207/; classtype:trojan-activity;sid:84351307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488208)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488208/; classtype:trojan-activity;sid:84351308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488209)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488209/; classtype:trojan-activity;sid:84351309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488210)"; flow:established,from_client; content:"GET"; http_method; content:"/fluidx2/roombooking_application/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488210/; classtype:trojan-activity;sid:84351310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488211)"; flow:established,from_client; content:"GET"; http_method; content:"/viper700pro/serum-vst-installer-2024-free/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488211/; classtype:trojan-activity;sid:84351311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488212)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488212/; classtype:trojan-activity;sid:84351312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488206)"; flow:established,from_client; content:"GET"; http_method; content:"/damaonly/android-worker/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488206/; classtype:trojan-activity;sid:84351306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488203)"; flow:established,from_client; content:"GET"; http_method; content:"/ella00311/erugo/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488203/; classtype:trojan-activity;sid:84351303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488204)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488204/; classtype:trojan-activity;sid:84351304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488182)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488182/; classtype:trojan-activity;sid:84351282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488184)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488184/; classtype:trojan-activity;sid:84351284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488185)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488185/; classtype:trojan-activity;sid:84351285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488186)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488186/; classtype:trojan-activity;sid:84351286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488187)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488187/; classtype:trojan-activity;sid:84351287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488188)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488188/; classtype:trojan-activity;sid:84351288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488181)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488181/; classtype:trojan-activity;sid:84351281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488178)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488178/; classtype:trojan-activity;sid:84351278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488179)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488179/; classtype:trojan-activity;sid:84351279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488180)"; flow:established,from_client; content:"GET"; http_method; content:"/jusjus-m/map/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488180/; classtype:trojan-activity;sid:84351280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488162)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488162/; classtype:trojan-activity;sid:84351262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488160)"; flow:established,from_client; content:"GET"; http_method; content:"/waleeddevel/driver-booster-pro-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488160/; classtype:trojan-activity;sid:84351260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488161)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488161/; classtype:trojan-activity;sid:84351261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488157)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488157/; classtype:trojan-activity;sid:84351257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488154)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488154/; classtype:trojan-activity;sid:84351254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488156)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488156/; classtype:trojan-activity;sid:84351256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488147)"; flow:established,from_client; content:"GET"; http_method; content:"/arya-gg/axium/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488147/; classtype:trojan-activity;sid:84351247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488148)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488148/; classtype:trojan-activity;sid:84351248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488149)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488149/; classtype:trojan-activity;sid:84351249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488150)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488150/; classtype:trojan-activity;sid:84351250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488152)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488152/; classtype:trojan-activity;sid:84351252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488153)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488153/; classtype:trojan-activity;sid:84351253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488146)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488146/; classtype:trojan-activity;sid:84351246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488128)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488128/; classtype:trojan-activity;sid:84351228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488129)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488129/; classtype:trojan-activity;sid:84351229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488130)"; flow:established,from_client; content:"GET"; http_method; content:"/ariel-pachec0/seeyoohk.github.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488130/; classtype:trojan-activity;sid:84351230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488131)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488131/; classtype:trojan-activity;sid:84351231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488132)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488132/; classtype:trojan-activity;sid:84351232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488133)"; flow:established,from_client; content:"GET"; http_method; content:"/patacalida/churn-prediction/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488133/; classtype:trojan-activity;sid:84351233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488134)"; flow:established,from_client; content:"GET"; http_method; content:"/iguit-1/instagramuseranalysis/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488134/; classtype:trojan-activity;sid:84351234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488125)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488125/; classtype:trojan-activity;sid:84351225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488126)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488126/; classtype:trojan-activity;sid:84351226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488127)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488127/; classtype:trojan-activity;sid:84351227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488123)"; flow:established,from_client; content:"GET"; http_method; content:"/ariel-pachec0/seeyoohk.github.io/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488123/; classtype:trojan-activity;sid:84351223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488124)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488124/; classtype:trojan-activity;sid:84351224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488114)"; flow:established,from_client; content:"GET"; http_method; content:"/lleonex/marsdevx/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488114/; classtype:trojan-activity;sid:84351214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488103)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488103/; classtype:trojan-activity;sid:84351203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488110)"; flow:established,from_client; content:"GET"; http_method; content:"/flarerealfr/url-biblioteca-web/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488110/; classtype:trojan-activity;sid:84351210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488111)"; flow:established,from_client; content:"GET"; http_method; content:"/sinelli/a2.games/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488111/; classtype:trojan-activity;sid:84351211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488112)"; flow:established,from_client; content:"GET"; http_method; content:"/suprithakv02/buildfair/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488112/; classtype:trojan-activity;sid:84351212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488096)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr-web-cloud/localprompt/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488096/; classtype:trojan-activity;sid:84351196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488097)"; flow:established,from_client; content:"GET"; http_method; content:"/chethanks2005/visionuav-navigation/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488097/; classtype:trojan-activity;sid:84351197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488098)"; flow:established,from_client; content:"GET"; http_method; content:"/prakrititz/deepwater/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488098/; classtype:trojan-activity;sid:84351198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488099)"; flow:established,from_client; content:"GET"; http_method; content:"/hackedbysushi/local_deep_seek/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488099/; classtype:trojan-activity;sid:84351199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488100)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/leaf/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488100/; classtype:trojan-activity;sid:84351200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488101)"; flow:established,from_client; content:"GET"; http_method; content:"/dkpetrov/agent-flux/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488101/; classtype:trojan-activity;sid:84351201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488102)"; flow:established,from_client; content:"GET"; http_method; content:"/futurinav/esteai/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488102/; classtype:trojan-activity;sid:84351202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488090)"; flow:established,from_client; content:"GET"; http_method; content:"/maxiazzinnari/mint-nft-on-sui/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488090/; classtype:trojan-activity;sid:84351190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488091)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488091/; classtype:trojan-activity;sid:84351191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488092)"; flow:established,from_client; content:"GET"; http_method; content:"/faheem6969/citrix-workspace-software/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488092/; classtype:trojan-activity;sid:84351192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488093)"; flow:established,from_client; content:"GET"; http_method; content:"/erick265/telegramchatorganizer/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488093/; classtype:trojan-activity;sid:84351193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488079)"; flow:established,from_client; content:"GET"; http_method; content:"/alsooory/svg-templates/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488079/; classtype:trojan-activity;sid:84351179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488080)"; flow:established,from_client; content:"GET"; http_method; content:"/fadoulsaboune/amazon-power-bi-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488080/; classtype:trojan-activity;sid:84351180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488082)"; flow:established,from_client; content:"GET"; http_method; content:"/thehitter98709/gitkot/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488082/; classtype:trojan-activity;sid:84351182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488083)"; flow:established,from_client; content:"GET"; http_method; content:"/moshe236/vanishmail/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488083/; classtype:trojan-activity;sid:84351183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488084)"; flow:established,from_client; content:"GET"; http_method; content:"/awskhahaha/a/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488084/; classtype:trojan-activity;sid:84351184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488085)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbysaremine/hb2/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488085/; classtype:trojan-activity;sid:84351185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488087)"; flow:established,from_client; content:"GET"; http_method; content:"/vickorkumar/666/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488087/; classtype:trojan-activity;sid:84351187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488088)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/cloudflare-dns-swarm/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488088/; classtype:trojan-activity;sid:84351188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488073)"; flow:established,from_client; content:"GET"; http_method; content:"/frogmen123/saas-billing-tracker/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488073/; classtype:trojan-activity;sid:84351173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488075)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488075/; classtype:trojan-activity;sid:84351175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488067)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488067/; classtype:trojan-activity;sid:84351167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488065)"; flow:established,from_client; content:"GET"; http_method; content:"/nirvash27/doctor-dok/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488065/; classtype:trojan-activity;sid:84351165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488062)"; flow:established,from_client; content:"GET"; http_method; content:"/afthab21/movieapp/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488062/; classtype:trojan-activity;sid:84351162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488059)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-ltw/back-end/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488059/; classtype:trojan-activity;sid:84351159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488061)"; flow:established,from_client; content:"GET"; http_method; content:"/ayobcoding/deep-research-py/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488061/; classtype:trojan-activity;sid:84351161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488054)"; flow:established,from_client; content:"GET"; http_method; content:"/keanusmall/sahimatch.ai/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488054/; classtype:trojan-activity;sid:84351154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488056)"; flow:established,from_client; content:"GET"; http_method; content:"/smj3300fn/fff/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488056/; classtype:trojan-activity;sid:84351156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488057)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro5486/infestuswebapp/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488057/; classtype:trojan-activity;sid:84351157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488058)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488058/; classtype:trojan-activity;sid:84351158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488035)"; flow:established,from_client; content:"GET"; http_method; content:"/kossiw/olievra/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488035/; classtype:trojan-activity;sid:84351135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488036)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/tempmail/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488036/; classtype:trojan-activity;sid:84351136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488037)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488037/; classtype:trojan-activity;sid:84351137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488044)"; flow:established,from_client; content:"GET"; http_method; content:"/klhaus24/android-x64_livecd_13b_docs/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488044/; classtype:trojan-activity;sid:84351144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488045)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488045/; classtype:trojan-activity;sid:84351145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488046)"; flow:established,from_client; content:"GET"; http_method; content:"/keitaro000/oliver-3/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488046/; classtype:trojan-activity;sid:84351146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488052)"; flow:established,from_client; content:"GET"; http_method; content:"/chrlzjanem/laravel-py/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488052/; classtype:trojan-activity;sid:84351152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488024)"; flow:established,from_client; content:"GET"; http_method; content:"/rila111/content2map/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488024/; classtype:trojan-activity;sid:84351124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488025)"; flow:established,from_client; content:"GET"; http_method; content:"/alfa786-creator/pic-squeeze/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488025/; classtype:trojan-activity;sid:84351125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488027)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/mandragora/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488027/; classtype:trojan-activity;sid:84351127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488028)"; flow:established,from_client; content:"GET"; http_method; content:"/sudhanshu182004/ml-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488028/; classtype:trojan-activity;sid:84351128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488029)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/switch-timeframes-keys/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488029/; classtype:trojan-activity;sid:84351129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488030)"; flow:established,from_client; content:"GET"; http_method; content:"/mrcaptain27/lianjiascraper/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488030/; classtype:trojan-activity;sid:84351130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488033)"; flow:established,from_client; content:"GET"; http_method; content:"/platha19vsb/dcf-valuation/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488033/; classtype:trojan-activity;sid:84351133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488034)"; flow:established,from_client; content:"GET"; http_method; content:"/yogeshnicks/loader-ldtk/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488034/; classtype:trojan-activity;sid:84351134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488023)"; flow:established,from_client; content:"GET"; http_method; content:"/vukhang16/ggg/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488023/; classtype:trojan-activity;sid:84351123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488021)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488021/; classtype:trojan-activity;sid:84351121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488010)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488010/; classtype:trojan-activity;sid:84351110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488011)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488011/; classtype:trojan-activity;sid:84351111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488012)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488012/; classtype:trojan-activity;sid:84351112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488014)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488014/; classtype:trojan-activity;sid:84351114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488015)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v1.0/app.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488015/; classtype:trojan-activity;sid:84351115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488016)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488016/; classtype:trojan-activity;sid:84351116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488017)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488017/; classtype:trojan-activity;sid:84351117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488018)"; flow:established,from_client; content:"GET"; http_method; content:"/perish76b/ratter-app/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488018/; classtype:trojan-activity;sid:84351118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488008)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488008/; classtype:trojan-activity;sid:84351108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488009)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v1.0/app.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488009/; classtype:trojan-activity;sid:84351109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488006)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488006/; classtype:trojan-activity;sid:84351106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488007)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488007/; classtype:trojan-activity;sid:84351107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487999)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v1.0/app.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487999/; classtype:trojan-activity;sid:84351099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488000)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488000/; classtype:trojan-activity;sid:84351100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488001)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488001/; classtype:trojan-activity;sid:84351101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488002)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488002/; classtype:trojan-activity;sid:84351102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487995)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487995/; classtype:trojan-activity;sid:84351095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487996)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487996/; classtype:trojan-activity;sid:84351096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487997)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowmask0/remix-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487997/; classtype:trojan-activity;sid:84351097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487994)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487994/; classtype:trojan-activity;sid:84351094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487990)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487990/; classtype:trojan-activity;sid:84351090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487981)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487981/; classtype:trojan-activity;sid:84351081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487982)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v1.0/app.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487982/; classtype:trojan-activity;sid:84351082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487983)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487983/; classtype:trojan-activity;sid:84351083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487984)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487984/; classtype:trojan-activity;sid:84351084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487985)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v1.0/app.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487985/; classtype:trojan-activity;sid:84351085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487986)"; flow:established,from_client; content:"GET"; http_method; content:"/biggobble46/freeddit/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487986/; classtype:trojan-activity;sid:84351086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487987)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487987/; classtype:trojan-activity;sid:84351087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487979)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v1.0/app.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487979/; classtype:trojan-activity;sid:84351079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487980)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487980/; classtype:trojan-activity;sid:84351080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487977)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487977/; classtype:trojan-activity;sid:84351077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487978)"; flow:established,from_client; content:"GET"; http_method; content:"/tukiiq9/assertive/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487978/; classtype:trojan-activity;sid:84351078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487972)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487972/; classtype:trojan-activity;sid:84351072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487974)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487974/; classtype:trojan-activity;sid:84351074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487975)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487975/; classtype:trojan-activity;sid:84351075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487966)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487966/; classtype:trojan-activity;sid:84351066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487969)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v1.0/app.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487969/; classtype:trojan-activity;sid:84351069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487958)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487958/; classtype:trojan-activity;sid:84351058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487961)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487961/; classtype:trojan-activity;sid:84351061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487947)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487947/; classtype:trojan-activity;sid:84351047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487948)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487948/; classtype:trojan-activity;sid:84351048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487949)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487949/; classtype:trojan-activity;sid:84351049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487950)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487950/; classtype:trojan-activity;sid:84351050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487951)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487951/; classtype:trojan-activity;sid:84351051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487952)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487952/; classtype:trojan-activity;sid:84351052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487953)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487953/; classtype:trojan-activity;sid:84351053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487954)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487954/; classtype:trojan-activity;sid:84351054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487955)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487955/; classtype:trojan-activity;sid:84351055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487956)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487956/; classtype:trojan-activity;sid:84351056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487943)"; flow:established,from_client; content:"GET"; http_method; content:"/okijuinhbugvygbuhi/concept/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487943/; classtype:trojan-activity;sid:84351043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487944)"; flow:established,from_client; content:"GET"; http_method; content:"/hafijulkhan786/fhnw-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487944/; classtype:trojan-activity;sid:84351044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487945)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487945/; classtype:trojan-activity;sid:84351045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487941)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487941/; classtype:trojan-activity;sid:84351041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487939)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487939/; classtype:trojan-activity;sid:84351039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487940)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487940/; classtype:trojan-activity;sid:84351040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487935)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487935/; classtype:trojan-activity;sid:84351035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487937)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487937/; classtype:trojan-activity;sid:84351037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487938)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v1.0/app.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487938/; classtype:trojan-activity;sid:84351038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487933)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487933/; classtype:trojan-activity;sid:84351033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487934)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487934/; classtype:trojan-activity;sid:84351034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487930)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487930/; classtype:trojan-activity;sid:84351030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487931)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487931/; classtype:trojan-activity;sid:84351031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487932)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487932/; classtype:trojan-activity;sid:84351032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487929)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v1.0/app.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487929/; classtype:trojan-activity;sid:84351029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487927)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487927/; classtype:trojan-activity;sid:84351027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487925)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487925/; classtype:trojan-activity;sid:84351025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487926)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487926/; classtype:trojan-activity;sid:84351026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487924)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487924/; classtype:trojan-activity;sid:84351024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487923)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487923/; classtype:trojan-activity;sid:84351023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487918)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487918/; classtype:trojan-activity;sid:84351018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487919)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487919/; classtype:trojan-activity;sid:84351019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487920)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v1.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487920/; classtype:trojan-activity;sid:84351020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487921)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487921/; classtype:trojan-activity;sid:84351021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487916)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487916/; classtype:trojan-activity;sid:84351016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487912)"; flow:established,from_client; content:"GET"; http_method; content:"/envility/pic18f56q24-cnano-8bit-mdfu-solution-mplab-mcc/releases/download/v2.0/software.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487912/; classtype:trojan-activity;sid:84351012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487914)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487914/; classtype:trojan-activity;sid:84351014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487907)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487907/; classtype:trojan-activity;sid:84351007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487908)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487908/; classtype:trojan-activity;sid:84351008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487909)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487909/; classtype:trojan-activity;sid:84351009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487910)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487910/; classtype:trojan-activity;sid:84351010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487911)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487911/; classtype:trojan-activity;sid:84351011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487905)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v2.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487905/; classtype:trojan-activity;sid:84351005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487902)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487902/; classtype:trojan-activity;sid:84351002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487360)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bhh666666666666/raw/refs/heads/main/service.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487360/; classtype:trojan-activity;sid:84350460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487363)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/vbvgghjjio999000/raw/refs/heads/main/bnoaprihjatuasss.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487363/; classtype:trojan-activity;sid:84350463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487364)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bbgy555555551/raw/refs/heads/main/ntladlklthawd.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487364/; classtype:trojan-activity;sid:84350464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487083)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487083/; classtype:trojan-activity;sid:84350183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487069)"; flow:established,from_client; content:"GET"; http_method; content:"/dl19"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487069/; classtype:trojan-activity;sid:84350169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486797/; classtype:trojan-activity;sid:84349897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.196.99.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486789/; classtype:trojan-activity;sid:84349889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.18.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486773/; classtype:trojan-activity;sid:84349873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486184)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dgasgxc/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486184/; classtype:trojan-activity;sid:84349284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486183)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486183/; classtype:trojan-activity;sid:84349283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486175)"; flow:established,from_client; content:"GET"; http_method; content:"/potatowearsyeeezye/gta-5-mod-menu-2025/releases/download/3.7.2/gta-5-mod-menu-2025-v3.7.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486175/; classtype:trojan-activity;sid:84349275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485331)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485331/; classtype:trojan-activity;sid:84348431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485332)"; flow:established,from_client; content:"GET"; http_method; content:"/aasdasdqrunshkkkkkkk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485332/; classtype:trojan-activity;sid:84348432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485330)"; flow:established,from_client; content:"GET"; http_method; content:"/asdqsadsdahhhhhtxt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485330/; classtype:trojan-activity;sid:84348430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485329)"; flow:established,from_client; content:"GET"; http_method; content:"/ps_z.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485329/; classtype:trojan-activity;sid:84348429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485210)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v1.0/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485210/; classtype:trojan-activity;sid:84348310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485212)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485212/; classtype:trojan-activity;sid:84348312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485213)"; flow:established,from_client; content:"GET"; http_method; content:"/curly3/n3xus-scr1pt-r0bl0x/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485213/; classtype:trojan-activity;sid:84348313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485214)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485214/; classtype:trojan-activity;sid:84348314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485207)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485207/; classtype:trojan-activity;sid:84348307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485196)"; flow:established,from_client; content:"GET"; http_method; content:"/massambaf/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485196/; classtype:trojan-activity;sid:84348296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485193)"; flow:established,from_client; content:"GET"; http_method; content:"/khalid2344/mint-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485193/; classtype:trojan-activity;sid:84348293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485154)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kzbxe0sxh2nekdwfbbrvyzg6vsu-nmci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485154/; classtype:trojan-activity;sid:84348254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485144)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k4idibw1vtsntpbqtvbfabfgm2h5s14d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485144/; classtype:trojan-activity;sid:84348244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485140)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485140/; classtype:trojan-activity;sid:84348240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485126)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1km_hwk7sn_amuk7q2dk9kttzwk1taelw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485126/; classtype:trojan-activity;sid:84348226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485125)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ek4th7ucqd9_h2yf9orhzhuallukeo0n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485125/; classtype:trojan-activity;sid:84348225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484561/; classtype:trojan-activity;sid:84347661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484576/; classtype:trojan-activity;sid:84347676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484546)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"innaflux.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484546/; classtype:trojan-activity;sid:84347646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484493)"; flow:established,from_client; content:"GET"; http_method; content:"/dl17"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484493/; classtype:trojan-activity;sid:84347593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484480)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484480/; classtype:trojan-activity;sid:84347580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484481)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484481/; classtype:trojan-activity;sid:84347581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484485)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484485/; classtype:trojan-activity;sid:84347585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484474)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484474/; classtype:trojan-activity;sid:84347574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484476)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484476/; classtype:trojan-activity;sid:84347576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484478)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484478/; classtype:trojan-activity;sid:84347578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484465)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484465/; classtype:trojan-activity;sid:84347565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484466)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v3.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484466/; classtype:trojan-activity;sid:84347566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484464)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484464/; classtype:trojan-activity;sid:84347564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484461)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484461/; classtype:trojan-activity;sid:84347561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483995)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483995/; classtype:trojan-activity;sid:84347095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483996)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483996/; classtype:trojan-activity;sid:84347096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483999)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v3.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483999/; classtype:trojan-activity;sid:84347099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484002)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484002/; classtype:trojan-activity;sid:84347102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484004)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484004/; classtype:trojan-activity;sid:84347104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484005)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484005/; classtype:trojan-activity;sid:84347105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484006)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484006/; classtype:trojan-activity;sid:84347106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483988)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483988/; classtype:trojan-activity;sid:84347088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483990)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483990/; classtype:trojan-activity;sid:84347090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483992)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483992/; classtype:trojan-activity;sid:84347092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483986)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483986/; classtype:trojan-activity;sid:84347086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483984)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483984/; classtype:trojan-activity;sid:84347084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483982)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483982/; classtype:trojan-activity;sid:84347082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483978)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483978/; classtype:trojan-activity;sid:84347078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483979)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483979/; classtype:trojan-activity;sid:84347079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483980)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483980/; classtype:trojan-activity;sid:84347080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483406)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1q6iji-1uq5ksrr3luufy3to-jfs4ec4d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483406/; classtype:trojan-activity;sid:84346506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483319)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1inbpqtz2qyus0zqldnbhutbzwgdghhs0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483319/; classtype:trojan-activity;sid:84346419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483317)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g4q6iay5qjzlgigjqnwftkdc5-o_2pqx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483317/; classtype:trojan-activity;sid:84346417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19oyoc9sosknxnhyr6e7yrdumyqr6ixdz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483311/; classtype:trojan-activity;sid:84346411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483309)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cl-nvhrrue_wg2zkpuxmvk40tk3knacb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483309/; classtype:trojan-activity;sid:84346409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483308)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10yn0gknsk0hopi5eyv9vxkxxvmwi9k4u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483308/; classtype:trojan-activity;sid:84346408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483034)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483034/; classtype:trojan-activity;sid:84346134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483030)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483030/; classtype:trojan-activity;sid:84346130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483027)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483027/; classtype:trojan-activity;sid:84346127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483028)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v3.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483028/; classtype:trojan-activity;sid:84346128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483029)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483029/; classtype:trojan-activity;sid:84346129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483018)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483018/; classtype:trojan-activity;sid:84346118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483019)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483019/; classtype:trojan-activity;sid:84346119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483020)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483020/; classtype:trojan-activity;sid:84346120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483014)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483014/; classtype:trojan-activity;sid:84346114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483008)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483008/; classtype:trojan-activity;sid:84346108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483006)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483006/; classtype:trojan-activity;sid:84346106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482360)"; flow:established,from_client; content:"GET"; http_method; content:"/omio-saha/spotify_data_pipe_snowflake/releases/download/v1.0/release_x64.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482360/; classtype:trojan-activity;sid:84345460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482367)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482367/; classtype:trojan-activity;sid:84345467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482368)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482368/; classtype:trojan-activity;sid:84345468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482343)"; flow:established,from_client; content:"GET"; http_method; content:"/neffriana/swift-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482343/; classtype:trojan-activity;sid:84345443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482330)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482330/; classtype:trojan-activity;sid:84345430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/sunrise/xundfaxgnsp84.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.automobile-bk.de"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482262/; classtype:trojan-activity;sid:84345362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482259)"; flow:established,from_client; content:"GET"; http_method; content:"/2023/xundfaxgnsp84.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.luuk-lifestyle.eu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482259/; classtype:trojan-activity;sid:84345359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482257)"; flow:established,from_client; content:"GET"; http_method; content:"/bear/2020/goldarnedest.aca"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.support-data.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482257/; classtype:trojan-activity;sid:84345357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481956)"; flow:established,from_client; content:"GET"; http_method; content:"/numonehittaboy/cdn/refs/heads/main/cvf.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481956/; classtype:trojan-activity;sid:84345056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481604/; classtype:trojan-activity;sid:84344704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.159.106.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481603/; classtype:trojan-activity;sid:84344703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481600/; classtype:trojan-activity;sid:84344700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481344)"; flow:established,from_client; content:"GET"; http_method; content:"/alishazara/api/refs/heads/master/rh_s.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481344/; classtype:trojan-activity;sid:84344444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481138)"; flow:established,from_client; content:"GET"; http_method; content:"/6354/70534a410169b51c914e9ac9ca318c73/skidanov2017.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481138/; classtype:trojan-activity;sid:84344238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480616)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/raw/main/ud.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480616/; classtype:trojan-activity;sid:84343716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480361)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480361/; classtype:trojan-activity;sid:84343461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480359)"; flow:established,from_client; content:"GET"; http_method; content:"/nurraif/mytonwallet/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480359/; classtype:trojan-activity;sid:84343459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480320)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480320/; classtype:trojan-activity;sid:84343420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480322)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480322/; classtype:trojan-activity;sid:84343422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480279)"; flow:established,from_client; content:"GET"; http_method; content:"/pig85236/45k-udemy-course-wordpress-posts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480279/; classtype:trojan-activity;sid:84343379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480277)"; flow:established,from_client; content:"GET"; http_method; content:"/gwynelan/linux-basics-for-hackers/releases/download/v2.1.2/linux-basics-for-hackers-v2.1.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480277/; classtype:trojan-activity;sid:84343377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480278)"; flow:established,from_client; content:"GET"; http_method; content:"/thanatapn/postman-api-client-setup/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480278/; classtype:trojan-activity;sid:84343378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480271)"; flow:established,from_client; content:"GET"; http_method; content:"/yusen0820/linux-basics-for-hackers/releases/download/v2.6.9/linux-basics-for-hackers-v2.6.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480271/; classtype:trojan-activity;sid:84343371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480273)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480273/; classtype:trojan-activity;sid:84343373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480274)"; flow:established,from_client; content:"GET"; http_method; content:"/gollfinho/browser-testing/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480274/; classtype:trojan-activity;sid:84343374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480275)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480275/; classtype:trojan-activity;sid:84343375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480276)"; flow:established,from_client; content:"GET"; http_method; content:"/matezk1/rufus-bootable-usb-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480276/; classtype:trojan-activity;sid:84343376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480264)"; flow:established,from_client; content:"GET"; http_method; content:"/basha2247/driver-booster-pro-installer-2025/releases/download/v1.6.7/driver.booster.pro.installer.2025.v1.6.7.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480264/; classtype:trojan-activity;sid:84343364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480265)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480265/; classtype:trojan-activity;sid:84343365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480243)"; flow:established,from_client; content:"GET"; http_method; content:"/monggosporlyp/circlexo/releases/download/v1.2/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480243/; classtype:trojan-activity;sid:84343343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480245)"; flow:established,from_client; content:"GET"; http_method; content:"/mynameisbenja/metodis_bot/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480245/; classtype:trojan-activity;sid:84343345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480236)"; flow:established,from_client; content:"GET"; http_method; content:"/vixiecheatz/free-lita-raider/releases/download/v3.4.1/free-lita-raider-v3.4.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480236/; classtype:trojan-activity;sid:84343336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480239)"; flow:established,from_client; content:"GET"; http_method; content:"/gnascimento10/roblox-beaming-tool/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480239/; classtype:trojan-activity;sid:84343339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480241)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmartinsk/atlant_bot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480241/; classtype:trojan-activity;sid:84343341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479330)"; flow:established,from_client; content:"GET"; http_method; content:"/arcnassss/roblox/releases/download/v2.5.9/roblox_v2.5.9.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479330/; classtype:trojan-activity;sid:84342430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479335)"; flow:established,from_client; content:"GET"; http_method; content:"/walter2016/krnl-lua-script-injector-for-roblox-game-development/releases/download/v1.3.4/krnl.lua.script.injector.v1.3.4.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479335/; classtype:trojan-activity;sid:84342435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479323)"; flow:established,from_client; content:"GET"; http_method; content:"/hellochat00000/roblox-fisch-script/releases/download/1.1.5-beta.5/roblox-fisch-script-1.1.5-beta.5.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479323/; classtype:trojan-activity;sid:84342423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafetrack.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479159/; classtype:trojan-activity;sid:84342259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3479154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxstealthnet.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_16; reference:url, urlhaus.abuse.ch/url/3479154/; classtype:trojan-activity;sid:84342254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478783/; classtype:trojan-activity;sid:84341883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.190.181.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478743/; classtype:trojan-activity;sid:84341843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.9.87.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478732/; classtype:trojan-activity;sid:84341832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.134.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478691/; classtype:trojan-activity;sid:84341791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.196.62.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478657/; classtype:trojan-activity;sid:84341757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.45.73.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478613/; classtype:trojan-activity;sid:84341713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.160.13.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478559/; classtype:trojan-activity;sid:84341659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478512)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.109.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478512/; classtype:trojan-activity;sid:84341612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.149.178.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478498/; classtype:trojan-activity;sid:84341598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"systemsupport.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477572/; classtype:trojan-activity;sid:84340672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortifypro.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477468/; classtype:trojan-activity;sid:84340568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxnexguard.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477470/; classtype:trojan-activity;sid:84340570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsentinelx.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477460/; classtype:trojan-activity;sid:84340560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafecrypt.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477462/; classtype:trojan-activity;sid:84340562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsecuregate.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477457/; classtype:trojan-activity;sid:84340557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477302/; classtype:trojan-activity;sid:84340402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3477161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxcyberapex.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_14; reference:url, urlhaus.abuse.ch/url/3477161/; classtype:trojan-activity;sid:84340261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475899)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475899/; classtype:trojan-activity;sid:84338999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475894)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475894/; classtype:trojan-activity;sid:84338994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475896)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475896/; classtype:trojan-activity;sid:84338996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475656)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475656/; classtype:trojan-activity;sid:84338756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475655)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475655/; classtype:trojan-activity;sid:84338755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475653)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475653/; classtype:trojan-activity;sid:84338753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475642)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475642/; classtype:trojan-activity;sid:84338742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475643)"; flow:established,from_client; content:"GET"; http_method; content:"/itsuzerz/evon-executor/releases/download/v2.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475643/; classtype:trojan-activity;sid:84338743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475644)"; flow:established,from_client; content:"GET"; http_method; content:"/phamtaino/fixing-error-0x80004005-unspecified/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475644/; classtype:trojan-activity;sid:84338744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475645)"; flow:established,from_client; content:"GET"; http_method; content:"/attorneywenn/pragati_backend_2025/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475645/; classtype:trojan-activity;sid:84338745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475646)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475646/; classtype:trojan-activity;sid:84338746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475647)"; flow:established,from_client; content:"GET"; http_method; content:"/andreh219/freeflux/releases/download/v2.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475647/; classtype:trojan-activity;sid:84338747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475650)"; flow:established,from_client; content:"GET"; http_method; content:"/noob123-art/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475650/; classtype:trojan-activity;sid:84338750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475651)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475651/; classtype:trojan-activity;sid:84338751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475624)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475624/; classtype:trojan-activity;sid:84338724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475625)"; flow:established,from_client; content:"GET"; http_method; content:"/7777suprim/expo-rsc-movies/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475625/; classtype:trojan-activity;sid:84338725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475628)"; flow:established,from_client; content:"GET"; http_method; content:"/superoidaa/fixing-error-0x803f8001/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475628/; classtype:trojan-activity;sid:84338728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475629)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475629/; classtype:trojan-activity;sid:84338729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475630)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475630/; classtype:trojan-activity;sid:84338730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475631)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475631/; classtype:trojan-activity;sid:84338731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475634)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475634/; classtype:trojan-activity;sid:84338734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475635)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/realtime-chat-app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475635/; classtype:trojan-activity;sid:84338735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475636)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475636/; classtype:trojan-activity;sid:84338736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475637)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/fixing-error-0x80070005-access-denied/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475637/; classtype:trojan-activity;sid:84338737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475638)"; flow:established,from_client; content:"GET"; http_method; content:"/baomeomeo/speech/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475638/; classtype:trojan-activity;sid:84338738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475639)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/fixing-error-0x80070424-specified-service/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475639/; classtype:trojan-activity;sid:84338739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475641)"; flow:established,from_client; content:"GET"; http_method; content:"/ggggddjh/fixing-error-0xc0000142/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475641/; classtype:trojan-activity;sid:84338741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475614)"; flow:established,from_client; content:"GET"; http_method; content:"/junayed-tasnur/youtube_playlist_downloader/releases/download/v2.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475614/; classtype:trojan-activity;sid:84338714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475615)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475615/; classtype:trojan-activity;sid:84338715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475620)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475620/; classtype:trojan-activity;sid:84338720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475621)"; flow:established,from_client; content:"GET"; http_method; content:"/godsetup/aspx-gh0st-executor/releases/download/v2.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475621/; classtype:trojan-activity;sid:84338721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475623)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475623/; classtype:trojan-activity;sid:84338723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475613)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475613/; classtype:trojan-activity;sid:84338713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475604)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475604/; classtype:trojan-activity;sid:84338704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474916)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474916/; classtype:trojan-activity;sid:84338016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474801)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474801/; classtype:trojan-activity;sid:84337901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474805)"; flow:established,from_client; content:"GET"; http_method; content:"/okallo123/roblox-faxi-macro/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474805/; classtype:trojan-activity;sid:84337905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474808)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474808/; classtype:trojan-activity;sid:84337908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474810)"; flow:established,from_client; content:"GET"; http_method; content:"/batman00md/roblox-fisch-script/releases/download/v2.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474810/; classtype:trojan-activity;sid:84337910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474813)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474813/; classtype:trojan-activity;sid:84337913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474817)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474817/; classtype:trojan-activity;sid:84337917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474819)"; flow:established,from_client; content:"GET"; http_method; content:"/kaykycampos/gta-benchmark/releases/download/v2.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474819/; classtype:trojan-activity;sid:84337919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474820)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474820/; classtype:trojan-activity;sid:84337920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474758)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474758/; classtype:trojan-activity;sid:84337858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474759)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474759/; classtype:trojan-activity;sid:84337859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474760)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474760/; classtype:trojan-activity;sid:84337860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474738)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v2.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474738/; classtype:trojan-activity;sid:84337838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474742)"; flow:established,from_client; content:"GET"; http_method; content:"/newgenmightywarrior/nexus-roblox/releases/download/v2.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474742/; classtype:trojan-activity;sid:84337842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474743)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v2.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474743/; classtype:trojan-activity;sid:84337843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474745)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v2.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474745/; classtype:trojan-activity;sid:84337845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474746)"; flow:established,from_client; content:"GET"; http_method; content:"/juanvicthor/argon-executor/releases/download/v2.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474746/; classtype:trojan-activity;sid:84337846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474749)"; flow:established,from_client; content:"GET"; http_method; content:"/ishratali007/n3xus-scr1pt-r0bl0x/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474749/; classtype:trojan-activity;sid:84337849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473787)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473787/; classtype:trojan-activity;sid:84336887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473781)"; flow:established,from_client; content:"GET"; http_method; content:"/seltarrx/vite-react-project-setup-scripts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473781/; classtype:trojan-activity;sid:84336881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473782)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473782/; classtype:trojan-activity;sid:84336882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473783)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473783/; classtype:trojan-activity;sid:84336883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473765)"; flow:established,from_client; content:"GET"; http_method; content:"/xterminatordenuci/optimiseur-de-slug-url/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473765/; classtype:trojan-activity;sid:84336865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473766)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473766/; classtype:trojan-activity;sid:84336866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473767)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473767/; classtype:trojan-activity;sid:84336867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473768)"; flow:established,from_client; content:"GET"; http_method; content:"/ab-ff/multi-bit-comparator/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473768/; classtype:trojan-activity;sid:84336868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473770)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473770/; classtype:trojan-activity;sid:84336870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473771)"; flow:established,from_client; content:"GET"; http_method; content:"/hambez/stm32-imu-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473771/; classtype:trojan-activity;sid:84336871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473774)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473774/; classtype:trojan-activity;sid:84336874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473776)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473776/; classtype:trojan-activity;sid:84336876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473777)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473777/; classtype:trojan-activity;sid:84336877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473778)"; flow:established,from_client; content:"GET"; http_method; content:"/youssefmasoud19999/instagram-auto-liker/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473778/; classtype:trojan-activity;sid:84336878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473779)"; flow:established,from_client; content:"GET"; http_method; content:"/led-sol/mental-health-chatbot/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473779/; classtype:trojan-activity;sid:84336879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473576)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ovluq0bdu-cys5xvyogyjd5qidqb1per"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473576/; classtype:trojan-activity;sid:84336676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473160)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d4aper-gjv3agk8yeny5scayonlc68yo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473160/; classtype:trojan-activity;sid:84336260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473085)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.187.4.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473085/; classtype:trojan-activity;sid:84336185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472771)"; flow:established,from_client; content:"GET"; http_method; content:"/ujkflzer45sc0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472771/; classtype:trojan-activity;sid:84335871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472675)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472675/; classtype:trojan-activity;sid:84335775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3471988)"; flow:established,from_client; content:"GET"; http_method; content:"/srv/fup/uploads/drgdf.hgfg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.blackhost.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_09; reference:url, urlhaus.abuse.ch/url/3471988/; classtype:trojan-activity;sid:84335088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470671)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1728896464326/4.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470671/; classtype:trojan-activity;sid:84333771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470670)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741169086388/3.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470670/; classtype:trojan-activity;sid:84333770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3470668)"; flow:established,from_client; content:"GET"; http_method; content:"/ly/4d2c3f00-7d4c-11e5-af15-41bf63ae4ea0/1741001373486/7.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"fs-im-kefu.7moor-fs1.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_07; reference:url, urlhaus.abuse.ch/url/3470668/; classtype:trojan-activity;sid:84333768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"128.127.102.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469685/; classtype:trojan-activity;sid:84332785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468872)"; flow:established,from_client; content:"GET"; http_method; content:"/xraqwapfu.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"galerisenimutiara.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468872/; classtype:trojan-activity;sid:84331972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.163.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468511/; classtype:trojan-activity;sid:84331611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.157.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468444/; classtype:trojan-activity;sid:84331544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467628)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1eczx8yjtfxwos26grqtdixajed3ukcao"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467628/; classtype:trojan-activity;sid:84330728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467629)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1drptefwc7xybtum52bikrhp4j4l6lttc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467629/; classtype:trojan-activity;sid:84330729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/fojik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467546/; classtype:trojan-activity;sid:84330646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467537)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/61705749605.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467537/; classtype:trojan-activity;sid:84330637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467538)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd3b43cd-389e-413e-87b9-e21f40c2630d/downloads/guledazawabumoda.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467538/; classtype:trojan-activity;sid:84330638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467533)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/637623a6-af9b-4a69-90a8-85cd562c999e/downloads/niwexokaburule.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467533/; classtype:trojan-activity;sid:84330633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96f90b6e-3939-4cac-a3ad-eba9fb8219bf/downloads/71599608952.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467528/; classtype:trojan-activity;sid:84330628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e712c63-2f24-4e6b-a5dc-ff3233100bea/downloads/72290413200.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467523/; classtype:trojan-activity;sid:84330623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/rafubagosewuniwudob.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467524/; classtype:trojan-activity;sid:84330624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/70485427967.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467525/; classtype:trojan-activity;sid:84330625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467526)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/xenogipojadamomixaxulute.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467526/; classtype:trojan-activity;sid:84330626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/9089368795.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467527/; classtype:trojan-activity;sid:84330627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467516)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/safari_magazine_2019_download.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467516/; classtype:trojan-activity;sid:84330616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/fusoze.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467517/; classtype:trojan-activity;sid:84330617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467519)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/plan_technique_piscine_a_debordement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467519/; classtype:trojan-activity;sid:84330619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/83838390139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467521/; classtype:trojan-activity;sid:84330621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6104a42e-c9ca-496d-9156-92538fddca06/downloads/vevowezirebojikidebof.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467510/; classtype:trojan-activity;sid:84330610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/temisipilotiba.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467513/; classtype:trojan-activity;sid:84330613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/79427765137.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467501/; classtype:trojan-activity;sid:84330601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467478)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/examples_of_employee_goals_for_performance_review.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467478/; classtype:trojan-activity;sid:84330578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467477)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/50228966329.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467477/; classtype:trojan-activity;sid:84330577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467475)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/educational_leadership_philosophy_examples.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467475/; classtype:trojan-activity;sid:84330575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/299c0676-bac5-4db6-8fea-3075091e1687/downloads/61526216713.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467476/; classtype:trojan-activity;sid:84330576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gumofeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467465/; classtype:trojan-activity;sid:84330565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467466)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/mawanigokur.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467466/; classtype:trojan-activity;sid:84330566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36054141231.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467469/; classtype:trojan-activity;sid:84330569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467470)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/85925649248.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467470/; classtype:trojan-activity;sid:84330570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467471)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/educacion_financiera_avanzada_partiendo_de_cero_autor_gregor.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467471/; classtype:trojan-activity;sid:84330571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/663ae0bf-1142-4d7a-8653-755553f6852e/downloads/lejafarezafig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467472/; classtype:trojan-activity;sid:84330572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/biwejukajurel.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467474/; classtype:trojan-activity;sid:84330574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467458)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/6083216094.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467458/; classtype:trojan-activity;sid:84330558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/69065118383.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467459/; classtype:trojan-activity;sid:84330559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467461)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/40061082597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467461/; classtype:trojan-activity;sid:84330561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/94224235634.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467462/; classtype:trojan-activity;sid:84330562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/739cff78-28a4-4749-8c7f-abf371b6a947/downloads/62789327536.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467463/; classtype:trojan-activity;sid:84330563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee12fbcb-3848-4c54-8690-0d9c760d3837/downloads/5683334295.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467464/; classtype:trojan-activity;sid:84330564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9b3f7f8-355a-428e-bb44-74bff775274d/downloads/supix.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467453/; classtype:trojan-activity;sid:84330553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/670646a4-4ce8-4367-bccc-c52d2083c9a3/downloads/chronogramme_dune_these_de_doctorat.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467454/; classtype:trojan-activity;sid:84330554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467455)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/zopawakabubijipek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467455/; classtype:trojan-activity;sid:84330555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467456)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/27590969755.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467456/; classtype:trojan-activity;sid:84330556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467457)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kudokexogikekuporeso.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467457/; classtype:trojan-activity;sid:84330557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/48255006417.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467452/; classtype:trojan-activity;sid:84330552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467448)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09540d0c-1db9-4e3c-a32d-6eed7b48ae00/downloads/3841723103.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467448/; classtype:trojan-activity;sid:84330548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_dossier_raep_redige.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467443/; classtype:trojan-activity;sid:84330543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3007465f-aa28-4ea8-964e-00ec10d6daef/downloads/reinforced_concrete_wall_design_examples.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467444/; classtype:trojan-activity;sid:84330544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/munich_tourist_attractions_map.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467445/; classtype:trojan-activity;sid:84330545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467438)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4a17de4-bdbb-4d1a-aaee-49990939d4cf/downloads/problue_7_nordson_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467438/; classtype:trojan-activity;sid:84330538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/30229793875.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467440/; classtype:trojan-activity;sid:84330540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467433)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/cooling_tower_working.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467433/; classtype:trojan-activity;sid:84330533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467434)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/corporate_signature_authority_matrix_template_printable.pdf"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467434/; classtype:trojan-activity;sid:84330534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467425)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/continental_online_assessment_test_answers.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467425/; classtype:trojan-activity;sid:84330525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467426)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/465f36af-7a24-4906-9c2a-986dcb6b15f8/downloads/where_can_i_get_edo_state_of_origin_certificate_in_lagos.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467426/; classtype:trojan-activity;sid:84330526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467427)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sample_testimonials_for_employees.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467427/; classtype:trojan-activity;sid:84330527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467428)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bf8d6b31-0867-4cc2-b138-2d2dbb23ec3a/downloads/bawananulufobomoderawulen.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467428/; classtype:trojan-activity;sid:84330528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/90dc87b4-fd7e-4412-9a6a-76e20db16dbd/downloads/23425133870.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467429/; classtype:trojan-activity;sid:84330529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467422)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/86119351354.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467422/; classtype:trojan-activity;sid:84330522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kagoferoxotopelabalim.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467423/; classtype:trojan-activity;sid:84330523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467411)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/how_to_write_letter_against_show_cause_notice.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467411/; classtype:trojan-activity;sid:84330511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/bevakabopodo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467412/; classtype:trojan-activity;sid:84330512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467416)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/55669141050.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467416/; classtype:trojan-activity;sid:84330516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fb13673c-7b10-403f-be9e-1b04622101d6/downloads/61656569082.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467417/; classtype:trojan-activity;sid:84330517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/98264302577.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467418/; classtype:trojan-activity;sid:84330518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467408)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/grammar_plus_class_8.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467408/; classtype:trojan-activity;sid:84330508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/32575227287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467409/; classtype:trojan-activity;sid:84330509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/xavibow.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467410/; classtype:trojan-activity;sid:84330510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467400)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b566d4a5-149a-4042-a2b5-fa837a998781/downloads/62246613540.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467400/; classtype:trojan-activity;sid:84330500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5d43283-67be-4a3b-9041-1427b691166f/downloads/dotadaxokokimidupoz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467401/; classtype:trojan-activity;sid:84330501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a19a3dcf-f832-45fe-91ff-ed566d492286/downloads/31803450103.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467403/; classtype:trojan-activity;sid:84330503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467404)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/26449761459.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467404/; classtype:trojan-activity;sid:84330504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467395)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/manual_de_uso_cummins_insite.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467395/; classtype:trojan-activity;sid:84330495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/83127272265.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467397/; classtype:trojan-activity;sid:84330497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/50013116393.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467389/; classtype:trojan-activity;sid:84330489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sowuluxoranevoxivobu.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467391/; classtype:trojan-activity;sid:84330491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jw_public_talk_outlines.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467392/; classtype:trojan-activity;sid:84330492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467386)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/muxem.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467386/; classtype:trojan-activity;sid:84330486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467381)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa930190-2e12-4ce7-8bd7-0454f2ef6721/downloads/remonstration_visum_ablehnung_muster.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467381/; classtype:trojan-activity;sid:84330481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467382)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1cd14ca4-3aaa-4349-a92b-5919cb2c71ee/downloads/37493963429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467382/; classtype:trojan-activity;sid:84330482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467383)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/26417869572.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467383/; classtype:trojan-activity;sid:84330483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467384)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zutufukatozoxogunubikok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467384/; classtype:trojan-activity;sid:84330484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vawazu.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467385/; classtype:trojan-activity;sid:84330485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/libevisuxalozusofaze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467370/; classtype:trojan-activity;sid:84330470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/61695596025.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467371/; classtype:trojan-activity;sid:84330471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/remebemakuvomurixulat.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467372/; classtype:trojan-activity;sid:84330472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467377)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/35713869772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467377/; classtype:trojan-activity;sid:84330477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467363)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/popezefere.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467363/; classtype:trojan-activity;sid:84330463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467365)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/57373027197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467365/; classtype:trojan-activity;sid:84330465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467367)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e00f0b9-c207-4cb1-9a9a-c11d057e31a3/downloads/request_letter_for_hold_amount_release.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467367/; classtype:trojan-activity;sid:84330467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467369)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/58650400832.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467369/; classtype:trojan-activity;sid:84330469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0684881f-11f6-455b-9188-fb070acdb368/downloads/you_too_can_be_prosperous.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467358/; classtype:trojan-activity;sid:84330458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/sizusobimemitu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467359/; classtype:trojan-activity;sid:84330459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467360)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/fosodevo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467360/; classtype:trojan-activity;sid:84330460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467353/; classtype:trojan-activity;sid:84330453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467354)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/towedokunorazageleside.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467354/; classtype:trojan-activity;sid:84330454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/65604431763.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467355/; classtype:trojan-activity;sid:84330455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467357)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruwuxa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467357/; classtype:trojan-activity;sid:84330457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467347)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/sulupob.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467347/; classtype:trojan-activity;sid:84330447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a2e88a7-385b-4aed-a81e-123c037cba5d/downloads/57067255053.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467348/; classtype:trojan-activity;sid:84330448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/2544897802.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467350/; classtype:trojan-activity;sid:84330450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467352)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/66812037618.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467352/; classtype:trojan-activity;sid:84330452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b4da0e1a-7caf-4ed8-aaa9-0949952990f3/downloads/49347806429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467344/; classtype:trojan-activity;sid:84330444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467339)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7399f648-106b-4174-b8c0-6d6694895ad3/downloads/vakoxumem.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467339/; classtype:trojan-activity;sid:84330439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gununemedusotojipime.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467340/; classtype:trojan-activity;sid:84330440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467334)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/92c7bb30-769c-4722-92cc-8b01b59910e0/downloads/36512394005.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467334/; classtype:trojan-activity;sid:84330434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7592d1e2-3dca-48f2-9f42-bb08c23dfb67/downloads/zutav.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467337/; classtype:trojan-activity;sid:84330437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f97cb07-1cfa-4fca-b6d8-3f1bf47f56b3/downloads/dulerugufep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467326/; classtype:trojan-activity;sid:84330426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467328)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nopurumonufulelu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467328/; classtype:trojan-activity;sid:84330428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467329)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b44aaa8-926a-4cbd-9774-e30385fa65ac/downloads/zexesotusipedelew.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467329/; classtype:trojan-activity;sid:84330429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/security_daily_activity_report_template.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467321/; classtype:trojan-activity;sid:84330421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a3d7189d-efc6-47e1-bbe5-dc5eeaf610a0/downloads/rtca_do-160g.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467312/; classtype:trojan-activity;sid:84330412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac66f4da-754b-4df9-b080-4728fb201349/downloads/nimoma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467313/; classtype:trojan-activity;sid:84330413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c877865a-29ce-446f-b8f8-42c8a2318eff/downloads/personal_loan_closure_letter_format_in_word.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467314/; classtype:trojan-activity;sid:84330414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11677680583.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467317/; classtype:trojan-activity;sid:84330417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467318)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/elkonin_boxes_word_list.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467318/; classtype:trojan-activity;sid:84330418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/zudelejanegine.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467320/; classtype:trojan-activity;sid:84330420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c3d6560-d229-4015-8af2-a70ad89bde0a/downloads/80071621679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467307/; classtype:trojan-activity;sid:84330407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lapeke.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467305/; classtype:trojan-activity;sid:84330405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467303)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/kapabemirowajuzaxadirokef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467303/; classtype:trojan-activity;sid:84330403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/modexad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467304/; classtype:trojan-activity;sid:84330404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467298)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0bdc9896-149c-4815-8e37-9e55432c4120/downloads/bofugesugipufibutunida.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467298/; classtype:trojan-activity;sid:84330398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467300)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/xuguxupevubitutuzoju.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467300/; classtype:trojan-activity;sid:84330400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rubejemi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467301/; classtype:trojan-activity;sid:84330401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atividades_de_concordancia_verbal_5o_ano_com_gabarito.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467286/; classtype:trojan-activity;sid:84330386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467287)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/45524925955.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467287/; classtype:trojan-activity;sid:84330387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467292)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/cyberark_psmp_admin_guide.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467292/; classtype:trojan-activity;sid:84330392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467295)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/kitab_shams_al_maarif.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467295/; classtype:trojan-activity;sid:84330395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3298be68-ecf2-4e6e-8fa7-1bf1d7657489/downloads/xagoje.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467283/; classtype:trojan-activity;sid:84330383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/83df8ca9-16c2-4244-8f9e-8be918c4b8a3/downloads/86611585002.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467279/; classtype:trojan-activity;sid:84330379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/41138401642.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467280/; classtype:trojan-activity;sid:84330380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467281)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/hepatorenales_syndrom.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467281/; classtype:trojan-activity;sid:84330381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467271)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/53744052149.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467271/; classtype:trojan-activity;sid:84330371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467274)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/nijalox.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467274/; classtype:trojan-activity;sid:84330374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467275)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/how_to_change_font_size_in_xchange_editor.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467275/; classtype:trojan-activity;sid:84330375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467277)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/limitorque_mx_ordering_guide.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467277/; classtype:trojan-activity;sid:84330377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/timex_expedition_indiglo_wr50m_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467266/; classtype:trojan-activity;sid:84330366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/hitachi_cd_sem_operation_manual.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467269/; classtype:trojan-activity;sid:84330369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467264)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/87483152555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467264/; classtype:trojan-activity;sid:84330364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/36672004653.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467259/; classtype:trojan-activity;sid:84330359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9dc6fd8e-b629-406d-be34-231dfc94d5e9/downloads/catia_v5_simulation_tutorial.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467260/; classtype:trojan-activity;sid:84330360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467262)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/vuzabovamipavowaseke.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467262/; classtype:trojan-activity;sid:84330362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09077edc-9c07-4d95-9708-b2f62b12ca6a/downloads/jikiluwuruwewomurenix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467254/; classtype:trojan-activity;sid:84330354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467258)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/weguma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467258/; classtype:trojan-activity;sid:84330358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467246)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/attributes_of_a_good_research_topic_ppt.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467246/; classtype:trojan-activity;sid:84330346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1663535d-289f-4a17-902d-0bb53881ce69/downloads/kurupojofuxerixutalo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467249/; classtype:trojan-activity;sid:84330349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467250)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/mizibatazikitawejubidodog.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467250/; classtype:trojan-activity;sid:84330350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467251)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/gibabasakofalulizuwa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467251/; classtype:trojan-activity;sid:84330351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467240)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/meravinuvisudome.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467240/; classtype:trojan-activity;sid:84330340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/70815730326.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467241/; classtype:trojan-activity;sid:84330341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467235)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/86649529175.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467235/; classtype:trojan-activity;sid:84330335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467236)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nims_703_b_answers.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467236/; classtype:trojan-activity;sid:84330336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467237)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/tojanigawexulametuzuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467237/; classtype:trojan-activity;sid:84330337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2ad79b-5832-4a2d-a335-92537db54849/downloads/pinestars_choice.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467230/; classtype:trojan-activity;sid:84330330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/vupegazezo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467231/; classtype:trojan-activity;sid:84330331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/18985117210.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467221/; classtype:trojan-activity;sid:84330321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467223)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/03167ecf-a61c-49ea-b541-7a074a81e1da/downloads/6655537579.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467223/; classtype:trojan-activity;sid:84330323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467225)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/41957679215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467225/; classtype:trojan-activity;sid:84330325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_livret_2_vae_rempli.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467226/; classtype:trojan-activity;sid:84330326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f569f34e-b7af-41eb-9a21-0f9939c54b3f/downloads/64195657437.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467228/; classtype:trojan-activity;sid:84330328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467220)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/aspen_pims_manual.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467220/; classtype:trojan-activity;sid:84330320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/fivojudu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467219/; classtype:trojan-activity;sid:84330319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467210)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/20019605198.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467210/; classtype:trojan-activity;sid:84330310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467212)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/45706940387.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467212/; classtype:trojan-activity;sid:84330312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xajuxe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467213/; classtype:trojan-activity;sid:84330313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/81f7a7ad-d4fe-4147-943f-584c2d1e9bf5/downloads/because_of_mr_terupt_online.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467214/; classtype:trojan-activity;sid:84330314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/fajupip.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467215/; classtype:trojan-activity;sid:84330315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/minetest_wiki_commands.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467205/; classtype:trojan-activity;sid:84330305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/ohanian_physics_volume_1.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467206/; classtype:trojan-activity;sid:84330306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1c97d706-1093-417b-afec-0c60fc1d8547/downloads/74906999263.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467207/; classtype:trojan-activity;sid:84330307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/900d123a-2557-4fa9-92f6-1446b602b979/downloads/deporiramuga.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467208/; classtype:trojan-activity;sid:84330308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/traffic_light_risk_assessment_template_mental_health.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467209/; classtype:trojan-activity;sid:84330309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/suritotowid.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467202/; classtype:trojan-activity;sid:84330302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/41821413009.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467196/; classtype:trojan-activity;sid:84330296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467200)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/14312384720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467200/; classtype:trojan-activity;sid:84330300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/37654458598.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467187/; classtype:trojan-activity;sid:84330287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467188)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/23776368177.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467188/; classtype:trojan-activity;sid:84330288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb8ff9f7-37bb-4420-bfa0-f018b38dcfa6/downloads/17065535031.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467190/; classtype:trojan-activity;sid:84330290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467191)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/41591669011.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467191/; classtype:trojan-activity;sid:84330291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/2634956565.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467193/; classtype:trojan-activity;sid:84330293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/437a989b-0a84-4105-b8c7-1870eb56af29/downloads/sbi_disbursement_request_form.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467177/; classtype:trojan-activity;sid:84330277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/27f26436-44ad-4647-8929-a76a4ea0ea67/downloads/sample_query_letter_for_negligence_of_duty.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467180/; classtype:trojan-activity;sid:84330280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/sapebufuj.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467181/; classtype:trojan-activity;sid:84330281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4365da4a-8d29-4708-8e67-b3b566794d83/downloads/fovizijazobupukototofosop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467184/; classtype:trojan-activity;sid:84330284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/93759555539.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467186/; classtype:trojan-activity;sid:84330286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ligitove.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467175/; classtype:trojan-activity;sid:84330275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467176)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/62404701972.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467176/; classtype:trojan-activity;sid:84330276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467171)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/069f5eef-b21d-41b6-aaa6-569b53af1c5a/downloads/rawidesukusutalunug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467171/; classtype:trojan-activity;sid:84330271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d102a54e-7197-4308-a937-d70c58240642/downloads/26442784020.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467172/; classtype:trojan-activity;sid:84330272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467167)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/83882971503.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467167/; classtype:trojan-activity;sid:84330267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467168)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/modelo_carta_entrega_de_inmueble_word.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467168/; classtype:trojan-activity;sid:84330268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467163)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/61905f2a-55dd-4144-8c7c-fce5e91063a8/downloads/british_army_all_arms_tactical_aide_memoire.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467163/; classtype:trojan-activity;sid:84330263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467166)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rakotojifodonosanilorefa.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467166/; classtype:trojan-activity;sid:84330266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467157)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ec2f808-78a9-4c99-aa80-be96e23bf450/downloads/gewikunobapizati.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467157/; classtype:trojan-activity;sid:84330257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467158)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7dda8154-e680-4c60-8651-19cf13768d49/downloads/jadol.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467158/; classtype:trojan-activity;sid:84330258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nojivurajojirezizi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467154/; classtype:trojan-activity;sid:84330254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467156)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98571e96-4bd9-4ee2-bb76-481ac550907e/downloads/genebugutisevijuk.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467156/; classtype:trojan-activity;sid:84330256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467148)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/jiwekonuwokesarejibezan.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467148/; classtype:trojan-activity;sid:84330248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/159e5f7b-5078-45c9-9b36-63f21684101f/downloads/94962104148.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467149/; classtype:trojan-activity;sid:84330249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467150)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9483bc30-bb1c-4c04-9cf3-38d205924dab/downloads/jugilususosu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467150/; classtype:trojan-activity;sid:84330250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/virapajoridubibakoxofa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467151/; classtype:trojan-activity;sid:84330251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/319984769.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467152/; classtype:trojan-activity;sid:84330252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467142)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/makusikarubikowaxosop.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467142/; classtype:trojan-activity;sid:84330242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467143)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/gikuxuze.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467143/; classtype:trojan-activity;sid:84330243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467146)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/voxuba.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467146/; classtype:trojan-activity;sid:84330246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/wokaselu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467147/; classtype:trojan-activity;sid:84330247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/velafeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467135/; classtype:trojan-activity;sid:84330235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467137)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/97fcff61-ad1b-4591-bfda-ed7d6d6690f0/downloads/49593663309.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467137/; classtype:trojan-activity;sid:84330237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/49103789197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467138/; classtype:trojan-activity;sid:84330238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zafekupegagasaza.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467132/; classtype:trojan-activity;sid:84330232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/55585429936.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467133/; classtype:trojan-activity;sid:84330233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/siwevewedelo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467125/; classtype:trojan-activity;sid:84330225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467126)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fedex_air_waybill_form.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467126/; classtype:trojan-activity;sid:84330226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467127)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d567d1b9-5a9f-4b97-a387-65a7c02f8ff4/downloads/barapinawowaja.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467127/; classtype:trojan-activity;sid:84330227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467114)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/44443741873.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467114/; classtype:trojan-activity;sid:84330214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/ravibopegaxipodek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467115/; classtype:trojan-activity;sid:84330215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/haojue_chopper_road_150_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467116/; classtype:trojan-activity;sid:84330216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23c146af-6c5b-426f-944d-9bf55106e4d8/downloads/de_quien_es_hija_elisa_salinas.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467117/; classtype:trojan-activity;sid:84330217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467118)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rewekawejujawidubekafebur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467118/; classtype:trojan-activity;sid:84330218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467121)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3425f1f9-2741-4cdd-9a85-f51cd8a77838/downloads/pyidaungsu_font_keyboard_layout.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467121/; classtype:trojan-activity;sid:84330221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467123)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/carte_du_voyage_d_ulysse.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467123/; classtype:trojan-activity;sid:84330223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/livro_domain_driven_design_portugues.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467109/; classtype:trojan-activity;sid:84330209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kulefenev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467110/; classtype:trojan-activity;sid:84330210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467111)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/lobola_letter_example.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467111/; classtype:trojan-activity;sid:84330211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467108)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/acquisition_value_negative_in_area_01_aa617.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467108/; classtype:trojan-activity;sid:84330208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/widavizuxorig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467101/; classtype:trojan-activity;sid:84330201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467102)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/chris_mccandless_travel_route.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467102/; classtype:trojan-activity;sid:84330202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467103)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17ef1a7d-be6f-43bc-ac3a-a9c4fb65005e/downloads/powejavatunepoxaj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467103/; classtype:trojan-activity;sid:84330203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467106)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/937a3a5d-28a9-4a6d-983b-63f9d4fe1460/downloads/90328489234.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467106/; classtype:trojan-activity;sid:84330206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467098)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/wurowujezodabod.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467098/; classtype:trojan-activity;sid:84330198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pubobagawu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467099/; classtype:trojan-activity;sid:84330199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/forest_fire_causes_and_effects.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467100/; classtype:trojan-activity;sid:84330200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467086)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6b07c7a9-24ea-41b4-835a-7daa4871c250/downloads/16_personality_factors_by_cattell.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467086/; classtype:trojan-activity;sid:84330186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467087)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/725aea16-586d-4b26-8216-cd50b4981a76/downloads/wiley_organic_chemistry_solutions_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467087/; classtype:trojan-activity;sid:84330187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467088)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/psicoweb_respuestas_2019.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467088/; classtype:trojan-activity;sid:84330188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467091)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e32f5a5-6a1a-4ade-b57e-fa54871724ef/downloads/2040244551.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467091/; classtype:trojan-activity;sid:84330191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/koxisiranarigavod.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467092/; classtype:trojan-activity;sid:84330192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467093)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59d4bc6c-1e33-45d9-a430-f89e52f3f795/downloads/subazituwa.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467093/; classtype:trojan-activity;sid:84330193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467094)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/lettre_promesse_dembauche.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467094/; classtype:trojan-activity;sid:84330194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467080)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/971e893d-d96e-4c35-b8d0-897850ea3ce6/downloads/ice_quarterly_development_report_example.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467080/; classtype:trojan-activity;sid:84330180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467081)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/testigos_tablero_foton.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467081/; classtype:trojan-activity;sid:84330181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467082)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/how_to_get_gst_invoice_for_amazon_purchase.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467082/; classtype:trojan-activity;sid:84330182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/24365322622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467083/; classtype:trojan-activity;sid:84330183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/91284214985.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467085/; classtype:trojan-activity;sid:84330185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c5dd25fc-7740-402b-aa70-862b15f3342c/downloads/8958005659.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467078/; classtype:trojan-activity;sid:84330178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wewofolivofometu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467079/; classtype:trojan-activity;sid:84330179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/9665669589.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467072/; classtype:trojan-activity;sid:84330172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/konibaxixim.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467073/; classtype:trojan-activity;sid:84330173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/self_introduction_during_interview_example.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467074/; classtype:trojan-activity;sid:84330174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ff494cbe-9d2a-4ae4-802e-f50cfad48f0a/downloads/74334894285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467075/; classtype:trojan-activity;sid:84330175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467077)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/55534301355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467077/; classtype:trojan-activity;sid:84330177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/tevolutirasuvujivol.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467065/; classtype:trojan-activity;sid:84330165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/73100246338.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467066/; classtype:trojan-activity;sid:84330166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/earth_making_of_a_planet_national_geographic_worksheet.pdf"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467067/; classtype:trojan-activity;sid:84330167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467068)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exercice_vitesse_6eme_physique.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467068/; classtype:trojan-activity;sid:84330168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467069)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rapport_de_stage_3eme_agence_immobiliere.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467069/; classtype:trojan-activity;sid:84330169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/bisebinalujivefiwugagabu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467070/; classtype:trojan-activity;sid:84330170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467064)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/miludafat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467064/; classtype:trojan-activity;sid:84330164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467061)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea6e6a77-ad86-47ad-bec1-a500695628d4/downloads/66906319004.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467061/; classtype:trojan-activity;sid:84330161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467062)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b77102f9-1066-4a92-8a14-af011902d081/downloads/75162502331.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467062/; classtype:trojan-activity;sid:84330162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mapisirukuw.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467063/; classtype:trojan-activity;sid:84330163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/guzupuzuradadutov.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467058/; classtype:trojan-activity;sid:84330158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467059)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/teks_ratib_al_attas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467059/; classtype:trojan-activity;sid:84330159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/49693757117.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467060/; classtype:trojan-activity;sid:84330160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467050)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/sabre_red_workspace_commands.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467050/; classtype:trojan-activity;sid:84330150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6702c9de-d943-4d22-b78e-7985c91f7713/downloads/84525111813.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467051/; classtype:trojan-activity;sid:84330151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/26bbb7e6-2f83-462e-b1a0-c9b7b5a50d38/downloads/training_needs_assessment_questionnaire_for_sales.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467052/; classtype:trojan-activity;sid:84330152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/najovozulubameto.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467053/; classtype:trojan-activity;sid:84330153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/225bb15f-2915-4639-a3a1-bcedb142b1ef/downloads/letter_format_for_reply_to_show_cause_notice.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467054/; classtype:trojan-activity;sid:84330154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c718f9e1-28ba-4c02-b434-4456f7af09a8/downloads/masizaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467055/; classtype:trojan-activity;sid:84330155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/51274200809.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467049/; classtype:trojan-activity;sid:84330149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467044)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/rolinejagogid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467044/; classtype:trojan-activity;sid:84330144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467042)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/buxam.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467042/; classtype:trojan-activity;sid:84330142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/nokura.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467032/; classtype:trojan-activity;sid:84330132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/69da2f53-c229-4dc7-a889-7b67b52b1a78/downloads/nokejafowikazuvojoj.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467033/; classtype:trojan-activity;sid:84330133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467035)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e43067a0-6374-4a70-a00d-00ee3b01ce8d/downloads/93917384180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467035/; classtype:trojan-activity;sid:84330135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0336533-680f-4ead-a55e-7e292796b70a/downloads/veteluruxoge.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467037/; classtype:trojan-activity;sid:84330137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sirijega.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467024/; classtype:trojan-activity;sid:84330124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c2804a6-aa9c-48a0-92fa-b4e2830d3e94/downloads/ladakh_tourist_map.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467025/; classtype:trojan-activity;sid:84330125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc5e3c0a-70ce-48cf-a48d-87f83c6b3256/downloads/major_problems_in_african_american_history.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467027/; classtype:trojan-activity;sid:84330127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467029)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d38d43db-37ad-45ec-b237-63ac8c84a196/downloads/latovin.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467029/; classtype:trojan-activity;sid:84330129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c10f3982-2d8c-41ef-9c88-95b9c7e0984b/downloads/exagrid_admin_guide.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467018/; classtype:trojan-activity;sid:84330118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467019)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/2880955338.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467019/; classtype:trojan-activity;sid:84330119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f4350e3-635b-45ba-b69f-b1a7e95f309e/downloads/24638138520.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467020/; classtype:trojan-activity;sid:84330120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/54349718441.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467022/; classtype:trojan-activity;sid:84330122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/satyanarayan_puja_vidhi_in_sanskrit.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467023/; classtype:trojan-activity;sid:84330123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/sample_letter_to_be_excused_from_jury_service.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467016/; classtype:trojan-activity;sid:84330116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/vumemaxexepemetesa.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467011/; classtype:trojan-activity;sid:84330111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467012)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/95493308607.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467012/; classtype:trojan-activity;sid:84330112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467013)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/91589198920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467013/; classtype:trojan-activity;sid:84330113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/learn_korean_language_in_30_days.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467014/; classtype:trojan-activity;sid:84330114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/right_to_information_act_application_form_malayalam.pdf"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467015/; classtype:trojan-activity;sid:84330115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zesowafasunufezef.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467006/; classtype:trojan-activity;sid:84330106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e46fb0c-8d21-4b8c-82fc-88315c96ddde/downloads/bevurusip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467008/; classtype:trojan-activity;sid:84330108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/zanozibiwakixubunifelok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467002/; classtype:trojan-activity;sid:84330102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467003)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/hbc_radiomatic_fse_727_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467003/; classtype:trojan-activity;sid:84330103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4335d81-d2e5-4638-9638-30640b1be91f/downloads/sofipidegib.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466999/; classtype:trojan-activity;sid:84330099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/54040f30-acd4-4a4c-a314-5c4c261b537d/downloads/printable_foods_high_in_uric_acid_chart.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467000/; classtype:trojan-activity;sid:84330100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/15318963311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466992/; classtype:trojan-activity;sid:84330092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0f7f4ed-2d7c-4134-aa94-503b1eb6600b/downloads/pagulabomezex.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466993/; classtype:trojan-activity;sid:84330093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/katisugenifikipevas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466996/; classtype:trojan-activity;sid:84330096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/xowawetavudazinomo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466997/; classtype:trojan-activity;sid:84330097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7662afb9-5d02-4eb9-bd3b-6426a66215ee/downloads/2312138967.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466985/; classtype:trojan-activity;sid:84330085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/evaluation_geographie_6eme_habiter_une_metropole.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466986/; classtype:trojan-activity;sid:84330086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466987)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/kobumedigudopixemevuwef.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466987/; classtype:trojan-activity;sid:84330087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/vadigoxevujo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466989/; classtype:trojan-activity;sid:84330089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/64414313920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466991/; classtype:trojan-activity;sid:84330091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466979)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/mizoxuloniwi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466979/; classtype:trojan-activity;sid:84330079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/66244318284.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466984/; classtype:trojan-activity;sid:84330084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/15247939327.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466971/; classtype:trojan-activity;sid:84330071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/example_of_a_lobola_letter_in_zulu.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466972/; classtype:trojan-activity;sid:84330072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466973)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea25ddad-ebb0-4880-b714-a3f2cdadcbd9/downloads/notas_de_dinheiro_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466973/; classtype:trojan-activity;sid:84330073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/606585da-2917-4da6-a9df-810ae6e7fbc1/downloads/asme_sec_8_div_1_appendix_8.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466975/; classtype:trojan-activity;sid:84330075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466976)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/segaxifalawanevake.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466976/; classtype:trojan-activity;sid:84330076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/3d_converter_for_autodesk_navisworks.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466968/; classtype:trojan-activity;sid:84330068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2c827e54-9a2c-449a-9d97-e20f9555c87a/downloads/pearson_iit_foundation_class_9_maths.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466969/; classtype:trojan-activity;sid:84330069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466970)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d2c6212-591e-450b-b673-947709e569a9/downloads/jidikegegudafipi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466970/; classtype:trojan-activity;sid:84330070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466966)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/gupira.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466966/; classtype:trojan-activity;sid:84330066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466958)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/79599984772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466958/; classtype:trojan-activity;sid:84330058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/actaris_meter_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466957/; classtype:trojan-activity;sid:84330057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/passaic_county_technical_institute_salary_guide.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466946/; classtype:trojan-activity;sid:84330046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466950)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0c2227e9-a807-4022-9307-9c68c8629142/downloads/59021495355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466950/; classtype:trojan-activity;sid:84330050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3abea8f6-1776-4586-b4e6-47b414d29e30/downloads/mozosadoboligemuwisuwet.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466951/; classtype:trojan-activity;sid:84330051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466952)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/malaysia_company_employee_handbook.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466952/; classtype:trojan-activity;sid:84330052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/988c0021-e131-496b-8725-ae310052894b/downloads/berakigevep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466937/; classtype:trojan-activity;sid:84330037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/87631223928.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466938/; classtype:trojan-activity;sid:84330038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466941)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/majisumilorenanevivo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466941/; classtype:trojan-activity;sid:84330041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466944)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/risukepidupapa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466944/; classtype:trojan-activity;sid:84330044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c272bee0-a4e4-45f4-a8ce-0b066973e0cb/downloads/gateman_wk_20_english_manual.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466933/; classtype:trojan-activity;sid:84330033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466934)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/koxid.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466934/; classtype:trojan-activity;sid:84330034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/sasufazovosonufowam.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466935/; classtype:trojan-activity;sid:84330035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466929)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6554737977.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466929/; classtype:trojan-activity;sid:84330029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/42942412664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466931/; classtype:trojan-activity;sid:84330031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466928)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/43589756342.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466928/; classtype:trojan-activity;sid:84330028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466923)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/juporuko.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466923/; classtype:trojan-activity;sid:84330023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1d231bc1-15b8-4d3d-b451-c05909392126/downloads/71014366481.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466924/; classtype:trojan-activity;sid:84330024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466920)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/29389545569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466920/; classtype:trojan-activity;sid:84330020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/jebagokapinezax.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466915/; classtype:trojan-activity;sid:84330015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/85747587751.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466916/; classtype:trojan-activity;sid:84330016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/ending_a_lease_letter_to_landlord.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466919/; classtype:trojan-activity;sid:84330019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/possession_letter_format_from_builder.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466909/; classtype:trojan-activity;sid:84330009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/mopuma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466910/; classtype:trojan-activity;sid:84330010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466911)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a618ca0f-2608-47c2-ab22-bbc2ca127bb7/downloads/saziva.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466911/; classtype:trojan-activity;sid:84330011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/229e00b6-6232-4273-bd27-55f919ca28b8/downloads/financas_corporativas_teoria_e_pratica.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466912/; classtype:trojan-activity;sid:84330012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466913)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/76c40511-888a-4b14-bb65-87429974a9ff/downloads/gemotukuwitawusagulobez.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466913/; classtype:trojan-activity;sid:84330013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vupenamubow.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466903/; classtype:trojan-activity;sid:84330003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/10269055308.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466904/; classtype:trojan-activity;sid:84330004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/21711123451.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466905/; classtype:trojan-activity;sid:84330005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466900)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/14203617612.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466900/; classtype:trojan-activity;sid:84330000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466902)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4ad6e04-69d1-4aa9-ba9f-c194e0ac5eef/downloads/lotavawofasopupe.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466902/; classtype:trojan-activity;sid:84330002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/mental_state_examination_checklist.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466898/; classtype:trojan-activity;sid:84329998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e5728c18-e5b3-4c69-bf59-a4be42aea8ac/downloads/22515332125.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466893/; classtype:trojan-activity;sid:84329993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466894)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/metso_neles_positioner_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466894/; classtype:trojan-activity;sid:84329994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466895)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/9840498620.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466895/; classtype:trojan-activity;sid:84329995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3fffd8a4-4d1d-42f8-a3e8-f124f6724c06/downloads/kejawisenukasi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466897/; classtype:trojan-activity;sid:84329997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72065953692.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466885/; classtype:trojan-activity;sid:84329985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466890)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ecb10a4-49e9-4fe5-a6bc-f0f227949dd2/downloads/60627448414.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466890/; classtype:trojan-activity;sid:84329990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/ramevedasap.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466881/; classtype:trojan-activity;sid:84329981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/67882203250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466882/; classtype:trojan-activity;sid:84329982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466877)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/df312c7d-f650-4c0e-a98f-02aee1a43694/downloads/77125885812.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466877/; classtype:trojan-activity;sid:84329977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/27721436213.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466864/; classtype:trojan-activity;sid:84329964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6abf7f7e-d12c-48f3-aa9a-703f4ccff8d7/downloads/81403469667.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466866/; classtype:trojan-activity;sid:84329966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466869)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zikirifusotuxusomel.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466869/; classtype:trojan-activity;sid:84329969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/antibiotic_sensitivity_chart_sanford_guide.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466870/; classtype:trojan-activity;sid:84329970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c8a6489-894f-4446-8722-19ef31b6a173/downloads/26803015720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466872/; classtype:trojan-activity;sid:84329972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4d2b55bf-cda3-4071-bf2e-8c27282b789f/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466873/; classtype:trojan-activity;sid:84329973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/10387443769.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466875/; classtype:trojan-activity;sid:84329975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zasuporuxumuza.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466876/; classtype:trojan-activity;sid:84329976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466861)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/77235011630.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466861/; classtype:trojan-activity;sid:84329961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466863)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/luvuges.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466863/; classtype:trojan-activity;sid:84329963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466858)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tovidesukowoxam.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466858/; classtype:trojan-activity;sid:84329958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466859)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5a93100-d349-4291-8bce-18547efeb268/downloads/14773335318.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466859/; classtype:trojan-activity;sid:84329959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/xijawef.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466845/; classtype:trojan-activity;sid:84329945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466846)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6301bc9-fbf1-4861-936b-8ce401d46d09/downloads/non_renewal_of_contract_letter_sample.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466846/; classtype:trojan-activity;sid:84329946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/75925905792.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466847/; classtype:trojan-activity;sid:84329947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/561eb1da-cbac-4811-84b8-e841d63e56cb/downloads/fomogivazugararux.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466848/; classtype:trojan-activity;sid:84329948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466849)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3ccd9234-721c-480b-91a1-84bae34c2069/downloads/votudomafuze.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466849/; classtype:trojan-activity;sid:84329949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466851)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ed3e7e73-6deb-4ec1-95e4-868a6659fe93/downloads/manning_guide_hotel_sample.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466851/; classtype:trojan-activity;sid:84329951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/45596981954.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466852/; classtype:trojan-activity;sid:84329952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tilovapexof.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466853/; classtype:trojan-activity;sid:84329953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466838)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/najufijirubedejalu.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466838/; classtype:trojan-activity;sid:84329938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/ludejawirusoxodofe.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466839/; classtype:trojan-activity;sid:84329939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/4959938645.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466843/; classtype:trojan-activity;sid:84329943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/98085965001.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466832/; classtype:trojan-activity;sid:84329932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dasuxugolod.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466833/; classtype:trojan-activity;sid:84329933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/attestation_de_non_affiliation_cnas_algerie.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466827/; classtype:trojan-activity;sid:84329927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/vw_gehaltstabelle_2022.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466828/; classtype:trojan-activity;sid:84329928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nidugapageru.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466830/; classtype:trojan-activity;sid:84329930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6f33080-7dde-4e51-88ef-59c9fd931fca/downloads/latoletevuwogerovug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466831/; classtype:trojan-activity;sid:84329931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466818)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/40119004199.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466818/; classtype:trojan-activity;sid:84329918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466822)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/talivejo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466822/; classtype:trojan-activity;sid:84329922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466824)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/ansul_piranha_system_installation_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466824/; classtype:trojan-activity;sid:84329924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466813)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/scada_system_architecture.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466813/; classtype:trojan-activity;sid:84329913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/63541235931.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466814/; classtype:trojan-activity;sid:84329914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/gaylord_texan_hotel_map.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466802/; classtype:trojan-activity;sid:84329902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466803)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/laxokuzigurebudisinatonu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466803/; classtype:trojan-activity;sid:84329903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466805)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/kojutaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466805/; classtype:trojan-activity;sid:84329905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466808)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/civil_engineer_experience_certificate_word_format.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466808/; classtype:trojan-activity;sid:84329908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/55d28ff0-9d0b-42b4-8190-887f90038148/downloads/gimisomogaro.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466799/; classtype:trojan-activity;sid:84329899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466800)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/how_to_write_a_letter_to_society_for_car_parking.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466800/; classtype:trojan-activity;sid:84329900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466801)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78dac1c1-e6f9-4066-ad39-7cbcdc39e651/downloads/93448099882.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466801/; classtype:trojan-activity;sid:84329901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466794)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/payment_under_protest_letter_sample.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466794/; classtype:trojan-activity;sid:84329894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466797)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/43447829480.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466797/; classtype:trojan-activity;sid:84329897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/97374790135.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466798/; classtype:trojan-activity;sid:84329898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466788)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/71423402684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466788/; classtype:trojan-activity;sid:84329888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c9ed0ab-abf7-4895-9a79-d81e87aed60a/downloads/nezumizegorazulamalit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466790/; classtype:trojan-activity;sid:84329890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a4c519f1-5301-485e-9e9c-56d1397df289/downloads/79371210580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466791/; classtype:trojan-activity;sid:84329891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kekososiwixokaz.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466792/; classtype:trojan-activity;sid:84329892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/14889765830.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466778/; classtype:trojan-activity;sid:84329878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rikisiwudepelapopazi.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466779/; classtype:trojan-activity;sid:84329879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/boriwivamafegujiser.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466781/; classtype:trojan-activity;sid:84329881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/seaworld_donation_request_orlando.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466782/; classtype:trojan-activity;sid:84329882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/schumacher_battery_charger_parts_se-4022.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466786/; classtype:trojan-activity;sid:84329886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d83328cf-50de-409a-9bf6-de7a48f66ed6/downloads/40650293844.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466787/; classtype:trojan-activity;sid:84329887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/ap_cm_relief_fund_application_process.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466777/; classtype:trojan-activity;sid:84329877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/narigokukeminozitema.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466768/; classtype:trojan-activity;sid:84329868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466770)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/32231114245.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466770/; classtype:trojan-activity;sid:84329870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa0b65d5-8cfc-4875-922a-b490488b42be/downloads/schmersal_de-_42279_datasheet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466771/; classtype:trojan-activity;sid:84329871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/checklist_format_for_housekeeping_in_hospital.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466772/; classtype:trojan-activity;sid:84329872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/91812224211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466773/; classtype:trojan-activity;sid:84329873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466774)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/rizepigarebovubugebo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466774/; classtype:trojan-activity;sid:84329874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466775)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/kawopixar.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466775/; classtype:trojan-activity;sid:84329875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466767)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/58311665155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466767/; classtype:trojan-activity;sid:84329867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/93503353547.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466763/; classtype:trojan-activity;sid:84329863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6974f1eb-71bf-4f90-8572-d8ac4e4f765d/downloads/wazakovefonetak.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466764/; classtype:trojan-activity;sid:84329864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9978fe41-dbcb-4b88-8a80-a839de3f86b5/downloads/42576721881.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466758/; classtype:trojan-activity;sid:84329858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466759)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/73769466656.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466759/; classtype:trojan-activity;sid:84329859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/suvuraxelikubok.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466761/; classtype:trojan-activity;sid:84329861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e09336e-0817-489c-96db-d43d5fd51fc4/downloads/i9_birth_certificate_example.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466762/; classtype:trojan-activity;sid:84329862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466750)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/stromer_st1_owners_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466750/; classtype:trojan-activity;sid:84329850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/7215421885.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466753/; classtype:trojan-activity;sid:84329853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466754)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/37979647215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466754/; classtype:trojan-activity;sid:84329854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/tejovejujepotobafoba.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466755/; classtype:trojan-activity;sid:84329855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466756)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/43947647531.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466756/; classtype:trojan-activity;sid:84329856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/97640682614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466747/; classtype:trojan-activity;sid:84329847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466748)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ec5b631-127b-4a5e-84ff-7de19674a208/downloads/daxukipavibipukoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466748/; classtype:trojan-activity;sid:84329848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/66a9f463-0ae0-4403-bef2-3061bb9e36ef/downloads/rate_list_of_test_in_dr.lal_pathlabs.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466740/; classtype:trojan-activity;sid:84329840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c8939508-8a93-4f90-8b11-ddca3342e83a/downloads/4803379677.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466742/; classtype:trojan-activity;sid:84329842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466745)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/taski_procarpet_45_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466745/; classtype:trojan-activity;sid:84329845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466738)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gomik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466738/; classtype:trojan-activity;sid:84329838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466736)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ef27ce0e-c911-4d37-baad-bea065e796b8/downloads/kirekafusofo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466736/; classtype:trojan-activity;sid:84329836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466732)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wiremabodopigotaf.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466732/; classtype:trojan-activity;sid:84329832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466733)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/67856105857.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466733/; classtype:trojan-activity;sid:84329833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466734)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/rubetugetafapojopodibom.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466734/; classtype:trojan-activity;sid:84329834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/3048437595.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466724/; classtype:trojan-activity;sid:84329824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466726)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc370600-8080-4216-8e6c-52a7f34eeccf/downloads/iso_weld_symbols_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466726/; classtype:trojan-activity;sid:84329826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466728)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47b969d8-0664-43a5-a1cb-4ec8411e9eef/downloads/powerflex_755_user_manual_espanol.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466728/; classtype:trojan-activity;sid:84329828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7539d3e4-198a-4c91-addc-38e6066bfe55/downloads/2305786492.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466729/; classtype:trojan-activity;sid:84329829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466730)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/kangwon_land_inc_annual_report.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466730/; classtype:trojan-activity;sid:84329830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/wanigukanewalew.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466731/; classtype:trojan-activity;sid:84329831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/watiwime.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466715/; classtype:trojan-activity;sid:84329815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/638993752.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466716/; classtype:trojan-activity;sid:84329816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/milagetuxinofu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466717/; classtype:trojan-activity;sid:84329817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/51295545026.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466719/; classtype:trojan-activity;sid:84329819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466720)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xezumiriruko.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466720/; classtype:trojan-activity;sid:84329820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/cleavage_front_row_amy_measurements.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466721/; classtype:trojan-activity;sid:84329821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/diamond_sieve_chart.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466708/; classtype:trojan-activity;sid:84329808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09b152c4-bf66-44a7-8224-2992cea3ed0a/downloads/sample_indian_renunciation_form.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466710/; classtype:trojan-activity;sid:84329810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/pelebesepasirokirefukew.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466711/; classtype:trojan-activity;sid:84329811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466712)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/455fd801-8453-4cfe-b6ee-1af9e2a627f6/downloads/7558215776.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466712/; classtype:trojan-activity;sid:84329812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466713)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/50787175728.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466713/; classtype:trojan-activity;sid:84329813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466706)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/rotem_sigma_user_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466706/; classtype:trojan-activity;sid:84329806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466705)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/lista_de_verbos_em_italiano.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466705/; classtype:trojan-activity;sid:84329805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a580c741-29a0-435a-a011-6aa538a5edae/downloads/25870917787.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466702/; classtype:trojan-activity;sid:84329802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/siwetofulugo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466694/; classtype:trojan-activity;sid:84329794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0739216d-b619-42bb-83b4-7432b4331862/downloads/26798739628.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466695/; classtype:trojan-activity;sid:84329795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466696)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/23513409250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466696/; classtype:trojan-activity;sid:84329796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/the_long_dark_crumbling_highway_map.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466697/; classtype:trojan-activity;sid:84329797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466698)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/92332863676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466698/; classtype:trojan-activity;sid:84329798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c633c3b-7c73-43a9-a161-0e7459f617b4/downloads/popajuzokovuluboz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466682/; classtype:trojan-activity;sid:84329782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466684)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/6759358871.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466684/; classtype:trojan-activity;sid:84329784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466686)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/gelumoxosudasikaxo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466686/; classtype:trojan-activity;sid:84329786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466687)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/47722224691.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466687/; classtype:trojan-activity;sid:84329787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466689)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/57326063662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466689/; classtype:trojan-activity;sid:84329789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466690)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8aa13dbf-c0c5-4fe7-ae15-62e5c33a20e4/downloads/hewlett-packard_18e7_motherboard_specs.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466690/; classtype:trojan-activity;sid:84329790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/porebejotenojudud.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466691/; classtype:trojan-activity;sid:84329791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466681)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/duff_and_phelps_size_premium_2022.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466681/; classtype:trojan-activity;sid:84329781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466674)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pass_the_pigs_scoring_sheet.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466674/; classtype:trojan-activity;sid:84329774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ae40ccb-f0fa-4b6b-bfcc-06032a30498c/downloads/logical_thinking_worksheets_for_kindergarten.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466679/; classtype:trojan-activity;sid:84329779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466670)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/151743582.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466670/; classtype:trojan-activity;sid:84329770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/13792310994.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466671/; classtype:trojan-activity;sid:84329771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/cessna_172_instrument_panel_layout.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466666/; classtype:trojan-activity;sid:84329766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/24459864622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466667/; classtype:trojan-activity;sid:84329767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466658)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/10451479360.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466658/; classtype:trojan-activity;sid:84329758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466659)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/sap_fico_cutover_activities.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466659/; classtype:trojan-activity;sid:84329759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466662)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/98444125074.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466662/; classtype:trojan-activity;sid:84329762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/686c0a2e-9a90-4936-9f96-7d72f3c65f03/downloads/54960661120.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466663/; classtype:trojan-activity;sid:84329763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/3262231356.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466664/; classtype:trojan-activity;sid:84329764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/livro_pesquisa_bibliografica.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466648/; classtype:trojan-activity;sid:84329748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466650)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/37ff6e83-e399-4f09-b7f3-13b9438039c2/downloads/54456550535.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466650/; classtype:trojan-activity;sid:84329750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/request_letter_format_in_marathi_language.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466652/; classtype:trojan-activity;sid:84329752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466645)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5809a244-7d90-46f4-9de4-ee86dda3a2de/downloads/evaluation_emc_6eme_devenir_collegien.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466645/; classtype:trojan-activity;sid:84329745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd809168-aa55-4437-9a0e-42447fbc16fd/downloads/22731947285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466640/; classtype:trojan-activity;sid:84329740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/hypothecation_cancellation_request_letter_format.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466641/; classtype:trojan-activity;sid:84329741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/182ae1b8-0b64-4790-be7b-698d5e8b3d57/downloads/gidatigexapufalumiwolagad.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466642/; classtype:trojan-activity;sid:84329742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466634)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/aocs_official_method_ce_1b_89.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466634/; classtype:trojan-activity;sid:84329734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pigogini.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466635/; classtype:trojan-activity;sid:84329735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466639)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ab158387-fd14-4136-be83-18d2feafd209/downloads/regonadafufosofujerijasur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466639/; classtype:trojan-activity;sid:84329739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xewegemodigu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466625/; classtype:trojan-activity;sid:84329725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f9b61407-e9a0-4bfb-ac42-6ba811f07eed/downloads/daycare_reference_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466626/; classtype:trojan-activity;sid:84329726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466629)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/displayport_1.4_spec.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466629/; classtype:trojan-activity;sid:84329729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a49e03e-1cf9-44ed-ac44-c378f90fa5f8/downloads/63521883486.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466632/; classtype:trojan-activity;sid:84329732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/262ea410-a887-458b-b5ec-65748ef01e57/downloads/75258476975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466633/; classtype:trojan-activity;sid:84329733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466619)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/dajagunowe.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466619/; classtype:trojan-activity;sid:84329719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466620)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/hypochondria_ielts_reading_answers.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466620/; classtype:trojan-activity;sid:84329720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/migolijidawononavez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466622/; classtype:trojan-activity;sid:84329722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466623)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6286d8b4-6ffa-4d84-aeea-f2a9bc58a594/downloads/hotel_courtesy_call_template.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466623/; classtype:trojan-activity;sid:84329723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466617)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48cf8ef6-fe89-47b6-9b8e-43119a3d3833/downloads/89759746182.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466617/; classtype:trojan-activity;sid:84329717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/poquito_mas_nutrition_facts.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466613/; classtype:trojan-activity;sid:84329713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/luxutevosevuke.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466610/; classtype:trojan-activity;sid:84329710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466611)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vamiralu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466611/; classtype:trojan-activity;sid:84329711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bonunorovekofa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466605/; classtype:trojan-activity;sid:84329705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/36407415595.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466606/; classtype:trojan-activity;sid:84329706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/82707682561.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466607/; classtype:trojan-activity;sid:84329707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466608)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0620227-6f33-427f-8ac7-1fb80d24bd78/downloads/loxabafefomukewizirefa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466608/; classtype:trojan-activity;sid:84329708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466609)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/metric_bolt_specification_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466609/; classtype:trojan-activity;sid:84329709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466597)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/22305465780.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466597/; classtype:trojan-activity;sid:84329697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/efeaa59e-2423-41d8-b482-9a37e80979c7/downloads/ge_disconnect_switch.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466598/; classtype:trojan-activity;sid:84329698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7518eff6-349e-4445-8380-e1c43aacea7b/downloads/gemudewefedevovep.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466600/; classtype:trojan-activity;sid:84329700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466601)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/tugojokuru.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466601/; classtype:trojan-activity;sid:84329701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466602)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/hadoop_notes_by_durgasoft_ramakrishna.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466602/; classtype:trojan-activity;sid:84329702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/compassionate_leave_letter_examples.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466603/; classtype:trojan-activity;sid:84329703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2294c0f6-d737-4b16-8fca-94076227dda5/downloads/garrison_carbon_monoxide_and_gas_detector_manual.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466604/; classtype:trojan-activity;sid:84329704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/kuradorug.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466593/; classtype:trojan-activity;sid:84329693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/38053692779.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466594/; classtype:trojan-activity;sid:84329694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466595)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/26107131918.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466595/; classtype:trojan-activity;sid:84329695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466587)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tozivagal.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466587/; classtype:trojan-activity;sid:84329687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466591)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b026e03-5af6-461d-a832-b5e23f93b19f/downloads/rojumedevunez.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466591/; classtype:trojan-activity;sid:84329691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nefusajoxepisajejod.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466585/; classtype:trojan-activity;sid:84329685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466581)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tubewerapip.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466581/; classtype:trojan-activity;sid:84329681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/18645484853.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466583/; classtype:trojan-activity;sid:84329683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466584)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/4850921377.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466584/; classtype:trojan-activity;sid:84329684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/basimonuje.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466567/; classtype:trojan-activity;sid:84329667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4490da21-0774-43c2-8f10-26fe1384ffab/downloads/convention_collective_ucanss_mutatio.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466568/; classtype:trojan-activity;sid:84329668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2f6bcf3c-4b23-42e7-95db-7e5e3070b630/downloads/29680644903.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466569/; classtype:trojan-activity;sid:84329669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e297ab99-26f3-4763-8aa9-4b5ba8336826/downloads/61556440139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466571/; classtype:trojan-activity;sid:84329671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/rikeleneliteta.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466572/; classtype:trojan-activity;sid:84329672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dupibutemuxubezukexe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466559/; classtype:trojan-activity;sid:84329659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58f82e37-5723-4fc5-be87-1ca34da7fc9c/downloads/ladovarudugusujo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466561/; classtype:trojan-activity;sid:84329661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/93623530863.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466562/; classtype:trojan-activity;sid:84329662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/31982364803.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466563/; classtype:trojan-activity;sid:84329663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/manually_update_officescan_server.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466564/; classtype:trojan-activity;sid:84329664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/meligofat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466565/; classtype:trojan-activity;sid:84329665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pibajusapasadasizuvabo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466566/; classtype:trojan-activity;sid:84329666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/vuguvukopipokimukunoju.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466552/; classtype:trojan-activity;sid:84329652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/vmware_horizon_not_loading.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466553/; classtype:trojan-activity;sid:84329653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/gekepozokenaxaketojakoj.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466556/; classtype:trojan-activity;sid:84329656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xekinozu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466557/; classtype:trojan-activity;sid:84329657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/tanaber.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466558/; classtype:trojan-activity;sid:84329658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lokodemerukezabakexa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466546/; classtype:trojan-activity;sid:84329646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466547)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wijigezafububofelib.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466547/; classtype:trojan-activity;sid:84329647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466548)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1a64ed17-85a2-4cee-b266-878ed957a17a/downloads/wezixipusafa.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466548/; classtype:trojan-activity;sid:84329648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ed9a7df-8325-4b88-b206-4975011bd8d3/downloads/73303046927.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466551/; classtype:trojan-activity;sid:84329651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466544)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vafibezesixura.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466544/; classtype:trojan-activity;sid:84329644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466542)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdf9b72e-240a-4a41-ac28-e187be75db3e/downloads/10008295817.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466542/; classtype:trojan-activity;sid:84329642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466539)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/35017680871.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466539/; classtype:trojan-activity;sid:84329639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466534)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b5346c1d-c474-4a92-9b4c-cbf0eee37189/downloads/jamupipenimewuroveg.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466534/; classtype:trojan-activity;sid:84329634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/ritiwuga.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466523/; classtype:trojan-activity;sid:84329623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/98558988287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466524/; classtype:trojan-activity;sid:84329624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d8c405e-d09a-43e6-b2b9-f8bbfe0e4b05/downloads/japifitakudisudupuweb.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466525/; classtype:trojan-activity;sid:84329625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b7519557-5091-4de7-b104-8e86c3953c5d/downloads/66697702965.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466527/; classtype:trojan-activity;sid:84329627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4d8863b-da23-437d-86ed-df2351a23265/downloads/sazodaxorega.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466528/; classtype:trojan-activity;sid:84329628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466512)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/36655168913.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466512/; classtype:trojan-activity;sid:84329612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wevularaboxurewugawe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466513/; classtype:trojan-activity;sid:84329613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466514)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/rubizegelolulagexarunup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466514/; classtype:trojan-activity;sid:84329614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466515)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/pipe_fittings_surface_area_chart.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466515/; classtype:trojan-activity;sid:84329615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/ludirov.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466517/; classtype:trojan-activity;sid:84329617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/jedibam.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466521/; classtype:trojan-activity;sid:84329621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466522)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c2f5ec0b-52d8-40cb-8fa6-a66f6f891fa9/downloads/64630520522.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466522/; classtype:trojan-activity;sid:84329622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466506)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19f0e93a-8f01-4f21-8964-dcc990dea571/downloads/honeywell_dc3002_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466506/; classtype:trojan-activity;sid:84329606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466507)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30963207670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466507/; classtype:trojan-activity;sid:84329607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466508)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/36202936872.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466508/; classtype:trojan-activity;sid:84329608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466509)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/738cd3ca-10f0-4f1e-865e-c0932904fbb2/downloads/28412734415.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466509/; classtype:trojan-activity;sid:84329609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/wepepuv.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466510/; classtype:trojan-activity;sid:84329610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466503)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atpco_fare_filing_manual_s.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466503/; classtype:trojan-activity;sid:84329603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466504)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gartner_magic_quadrant_ips.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466504/; classtype:trojan-activity;sid:84329604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466505)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/xawegifurixikinixi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466505/; classtype:trojan-activity;sid:84329605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nolovafitavire.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466501/; classtype:trojan-activity;sid:84329601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466495)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/mojijodexiv.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466495/; classtype:trojan-activity;sid:84329595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466497)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/xipefodefanotare.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466497/; classtype:trojan-activity;sid:84329597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466498)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gekulafemidafalijuw.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466498/; classtype:trojan-activity;sid:84329598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466489)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/types_of_lines_in_construction_drawings.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466489/; classtype:trojan-activity;sid:84329589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466490)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/psa_birth_certificate_authorization_letter.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466490/; classtype:trojan-activity;sid:84329590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466492)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/libububodanusakamarad.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466492/; classtype:trojan-activity;sid:84329592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466480)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/41202776349.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466480/; classtype:trojan-activity;sid:84329580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466481)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dc583f51-62de-45fb-b9c6-f152dd4c2594/downloads/combining_like_terms_pyramid_worksheet_answers.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466481/; classtype:trojan-activity;sid:84329581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466482)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1dc2c198-09f6-4966-96bb-2e160c7d78e2/downloads/55840145977.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466482/; classtype:trojan-activity;sid:84329582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466484)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/puzenesariwalez.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466484/; classtype:trojan-activity;sid:84329584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466485)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0eb552d-3ccf-4b3e-a340-0e3717106147/downloads/kalozarisi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466485/; classtype:trojan-activity;sid:84329585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466486)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/wilikof.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466486/; classtype:trojan-activity;sid:84329586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466487)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/geruzirejexexani.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466487/; classtype:trojan-activity;sid:84329587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9d9f96-a289-4877-85d4-e6d2d4cc419c/downloads/minerva_t2000_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466476/; classtype:trojan-activity;sid:84329576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/siemens_pcs_7_full_training_manual.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466474/; classtype:trojan-activity;sid:84329574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sojawamiluredowad.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466472/; classtype:trojan-activity;sid:84329572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/add57eeb-0480-4d3e-871c-79d9b8fe2772/downloads/lozataroziwukurejigax.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466462/; classtype:trojan-activity;sid:84329562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/capacitor_bank_preventive_maintenance_checklist.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466463/; classtype:trojan-activity;sid:84329563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/jesafi.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466464/; classtype:trojan-activity;sid:84329564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wofewipawo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466465/; classtype:trojan-activity;sid:84329565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466468)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/58423586845.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466468/; classtype:trojan-activity;sid:84329568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89849145142.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466469/; classtype:trojan-activity;sid:84329569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466460)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c26a93a-50bb-4104-895b-059e3fc9a02c/downloads/zoxinigexozojadidara.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466460/; classtype:trojan-activity;sid:84329560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/demande_d_allocation_chomage_pole_emploi.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466454/; classtype:trojan-activity;sid:84329554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tutorialspoint_sap_pp.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466459/; classtype:trojan-activity;sid:84329559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466449)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/lafebokoz.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466449/; classtype:trojan-activity;sid:84329549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466450)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/advance_payment_request_letter_format_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466450/; classtype:trojan-activity;sid:84329550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/boilermaker_drawings_and_developments.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466452/; classtype:trojan-activity;sid:84329552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8532eb1d-13c2-4756-9d41-225750b056f4/downloads/litimuwabu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466453/; classtype:trojan-activity;sid:84329553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/telcordia_sr_332_issue_4.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466444/; classtype:trojan-activity;sid:84329544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/stopaq_application_manual_2018.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466445/; classtype:trojan-activity;sid:84329545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466447)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3daad7b2-98c5-4dc1-b37a-5570afcba267/downloads/40472163846.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466447/; classtype:trojan-activity;sid:84329547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466439)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89247847196.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466439/; classtype:trojan-activity;sid:84329539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/72993487295.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466440/; classtype:trojan-activity;sid:84329540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466441)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9155fa-7173-4766-94c3-9e400d4aed58/downloads/def_stan_91-91.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466441/; classtype:trojan-activity;sid:84329541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/42d6a3b4-bbc0-47ab-bf86-c3ddb806b2ed/downloads/rafadaduveputev.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466443/; classtype:trojan-activity;sid:84329543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3924d65b-e08d-4f21-8d71-a0b15eb654bb/downloads/63720952596.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466429/; classtype:trojan-activity;sid:84329529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/woleb.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466417/; classtype:trojan-activity;sid:84329517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dururotilonid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466418/; classtype:trojan-activity;sid:84329518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466419)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/150_dialogues_en_francais.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466419/; classtype:trojan-activity;sid:84329519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466420)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/88031585580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466420/; classtype:trojan-activity;sid:84329520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/dollar_general_cbl_answers_robbery_prevention.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466423/; classtype:trojan-activity;sid:84329523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466424)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4e8158-a082-4b1f-960e-1d82a946a72b/downloads/76239393989.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466424/; classtype:trojan-activity;sid:84329524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466414)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51c1105d-a687-468d-b1aa-293ca9578a34/downloads/giwuroganapedokozijave.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466414/; classtype:trojan-activity;sid:84329514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466406)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50e5aae7-a15c-4d74-a4ed-a8edfca980c4/downloads/atividades_adaptadas_de_ingles_para_deficientes_intelectuais.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466406/; classtype:trojan-activity;sid:84329506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466407)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/24465842333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466407/; classtype:trojan-activity;sid:84329507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2d664301-7b5e-474d-97a1-1305c7ece601/downloads/35905190672.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466409/; classtype:trojan-activity;sid:84329509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/12922543008.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466410/; classtype:trojan-activity;sid:84329510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/20643132370.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466412/; classtype:trojan-activity;sid:84329512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466413)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/95435099570.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466413/; classtype:trojan-activity;sid:84329513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2bb4e8cb-ec7e-44c1-a645-d94d4534f3a4/downloads/far_from_you_tess_sharpe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466401/; classtype:trojan-activity;sid:84329501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87076889980.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466403/; classtype:trojan-activity;sid:84329503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466396)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/40331451843.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466396/; classtype:trojan-activity;sid:84329496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/sumitomo_f50_compressor_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466397/; classtype:trojan-activity;sid:84329497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466398)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tusosexukitut.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466398/; classtype:trojan-activity;sid:84329498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466387)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466387/; classtype:trojan-activity;sid:84329487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d45c0d9d-8581-471d-bee0-51d1b9891f05/downloads/nisisot.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466389/; classtype:trojan-activity;sid:84329489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466390)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tojabuka.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466390/; classtype:trojan-activity;sid:84329490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/16219919996.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466391/; classtype:trojan-activity;sid:84329491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/famous_athletes_banned_for_drug_use.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466392/; classtype:trojan-activity;sid:84329492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466393)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/31075581028.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466393/; classtype:trojan-activity;sid:84329493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466394)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/table_trigonometrique_complet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466394/; classtype:trojan-activity;sid:84329494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f20719e2-319c-4f10-aabc-5dffb4a98912/downloads/45233279752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466385/; classtype:trojan-activity;sid:84329485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466376)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/10e01255-b324-4a54-ae63-f4e28a319147/downloads/how_to_make_authorization_letter_to_claim_money_in_palawan.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466376/; classtype:trojan-activity;sid:84329476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466378)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/baropuzijavalerivotenujop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466378/; classtype:trojan-activity;sid:84329478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466379)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15135097712.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466379/; classtype:trojan-activity;sid:84329479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466366)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/demag_ac_350_dwg.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466366/; classtype:trojan-activity;sid:84329466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6479094-5bf7-4b46-9ced-d0f3d0d49751/downloads/63982701040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466370/; classtype:trojan-activity;sid:84329470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e35dded4-68df-49bc-a9b0-aad8c63628c2/downloads/polipuzikiwelines.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466371/; classtype:trojan-activity;sid:84329471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/jakirezimukixinirivuvizuw.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466372/; classtype:trojan-activity;sid:84329472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466373)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4bf44b4-a39c-49f8-89f5-4b487ef61751/downloads/safety_precautions_during_rainy_season_ppt.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466373/; classtype:trojan-activity;sid:84329473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gasanon.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466358/; classtype:trojan-activity;sid:84329458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87218120165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466359/; classtype:trojan-activity;sid:84329459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466364)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6c9fdcec-b167-4620-b064-54b8917c32b8/downloads/57211354597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466364/; classtype:trojan-activity;sid:84329464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/2687436544.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466355/; classtype:trojan-activity;sid:84329455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466356)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/astonishment_report_example_template_free.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466356/; classtype:trojan-activity;sid:84329456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4454ad30-3f6f-488a-b5e6-19e7bcca2146/downloads/duzinijilufixikedaluw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466353/; classtype:trojan-activity;sid:84329453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47a03532-4838-4d3f-b185-a29c87fa882c/downloads/24511080679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466340/; classtype:trojan-activity;sid:84329440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466341)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/35512569741.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466341/; classtype:trojan-activity;sid:84329441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/fiselarodinolapin.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466344/; classtype:trojan-activity;sid:84329444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/fonuferin.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466348/; classtype:trojan-activity;sid:84329448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466349)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/59681288373.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466349/; classtype:trojan-activity;sid:84329449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9db526fb-d62a-447a-9766-8665158ad47a/downloads/skf_linear_bearing_catalogue.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466350/; classtype:trojan-activity;sid:84329450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466351)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/45838770375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466351/; classtype:trojan-activity;sid:84329451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466336)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98a1791f-f3a9-4ef2-ac34-41b3393c3d1d/downloads/original_documents_handover_letter_format.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466336/; classtype:trojan-activity;sid:84329436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/60272662631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466337/; classtype:trojan-activity;sid:84329437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466338)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa44ab49-4d64-4d64-8bfd-2dfce545052f/downloads/limitations_act_2004_nigeria.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466338/; classtype:trojan-activity;sid:84329438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466331)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72cc53f9-3bf4-447c-963a-353f48ad8500/downloads/puwutokok.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466331/; classtype:trojan-activity;sid:84329431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466333)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/emdr_cognitive_interweaves.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466333/; classtype:trojan-activity;sid:84329433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466325)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/15715958975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466325/; classtype:trojan-activity;sid:84329425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sanugesijeviwo.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466326/; classtype:trojan-activity;sid:84329426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466327)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/167862b3-31e9-4984-90e5-30766e3a7fa8/downloads/20740408467.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466327/; classtype:trojan-activity;sid:84329427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466316)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/22914289512.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466316/; classtype:trojan-activity;sid:84329416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f842cd9f-c67c-4749-ba01-22d7c1ea502c/downloads/93070455772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466317/; classtype:trojan-activity;sid:84329417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466319)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/61240910211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466319/; classtype:trojan-activity;sid:84329419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/33251318472.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466320/; classtype:trojan-activity;sid:84329420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/84098559127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466321/; classtype:trojan-activity;sid:84329421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466322)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kaxajopisojurivo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466322/; classtype:trojan-activity;sid:84329422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466324)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vehicle_sale_agreement_format_in_word_kerala_online_applicat.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466324/; classtype:trojan-activity;sid:84329424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/everstart_750_amp_jump_starter_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466312/; classtype:trojan-activity;sid:84329412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/manual_ppap_4_edicao.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466313/; classtype:trojan-activity;sid:84329413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/3703775959.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466314/; classtype:trojan-activity;sid:84329414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/womirojepu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466305/; classtype:trojan-activity;sid:84329405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/lord_of_the_flies_script.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466307/; classtype:trojan-activity;sid:84329407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466309)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/38102271043.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466309/; classtype:trojan-activity;sid:84329409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/depo_provera_osteoporosis_guidelines.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466304/; classtype:trojan-activity;sid:84329404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/397fbc33-145f-44ec-a774-e1fa1b866d82/downloads/fekesijurada.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466301/; classtype:trojan-activity;sid:84329401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466293)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/78299826683.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466293/; classtype:trojan-activity;sid:84329393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466294)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2da57a-5cad-4b1e-b658-8efa7e30bee5/downloads/como_transferir_saldo_de_dados_unitel.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466294/; classtype:trojan-activity;sid:84329394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/billetes_didacticos_mexicanos_para_imprimir.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466283/; classtype:trojan-activity;sid:84329383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466284)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/xutodorimalibavexididoson.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466284/; classtype:trojan-activity;sid:84329384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466285)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/vatalikuxigepiwu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466285/; classtype:trojan-activity;sid:84329385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2fda8269-9b7e-4008-b093-ed7dc0bde9d7/downloads/zinivegosejuriwevagowu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466286/; classtype:trojan-activity;sid:84329386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466288)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/dotuxomolomorapitome.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466288/; classtype:trojan-activity;sid:84329388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466289)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/541a1d8b-7a21-4c1f-8013-03406bd1a8ad/downloads/mevuxurike.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466289/; classtype:trojan-activity;sid:84329389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466291)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/jubomumifekomu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466291/; classtype:trojan-activity;sid:84329391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa25c895-a966-4265-aeb1-bc094284554e/downloads/jifig.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466279/; classtype:trojan-activity;sid:84329379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/90378982159.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466280/; classtype:trojan-activity;sid:84329380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466282)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jodegemotekuseve.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466282/; classtype:trojan-activity;sid:84329382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466268)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/46578941429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466268/; classtype:trojan-activity;sid:84329368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/elenco_corsi_vam_viterbo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466269/; classtype:trojan-activity;sid:84329369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/17714436684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466259/; classtype:trojan-activity;sid:84329359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/planet_fitness_membership_cancellation_letter.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466260/; classtype:trojan-activity;sid:84329360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466261)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/61105974714.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466261/; classtype:trojan-activity;sid:84329361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/933c3405-1572-4648-b39e-d98567eb5bee/downloads/for_your_kind_perusal_and_necessary_action_meaning.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466266/; classtype:trojan-activity;sid:84329366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466267)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/scrubber_design_calculation_excel.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466267/; classtype:trojan-activity;sid:84329367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6787db73-833d-4393-867e-1b786eb5e101/downloads/60859753638.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466249/; classtype:trojan-activity;sid:84329349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466252)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/why_is_annexure_d_required_for_minor_passport.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466252/; classtype:trojan-activity;sid:84329352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466253)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/574284889.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466253/; classtype:trojan-activity;sid:84329353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/xikapataxofako.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466254/; classtype:trojan-activity;sid:84329354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466255)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lobigexapi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466255/; classtype:trojan-activity;sid:84329355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466256)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2470d53e-fef7-4646-9c8b-919894e66d18/downloads/72646482584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466256/; classtype:trojan-activity;sid:84329356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466257)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/46429707192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466257/; classtype:trojan-activity;sid:84329357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466245)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7153ec40-cd7f-411a-a08b-66d173a33455/downloads/standards_australia_handbook_197.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466245/; classtype:trojan-activity;sid:84329345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466247)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/55745505506.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466247/; classtype:trojan-activity;sid:84329347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/43311556781.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466241/; classtype:trojan-activity;sid:84329341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466244)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/80691091889.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466244/; classtype:trojan-activity;sid:84329344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466238)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sewuxazomuwara.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466238/; classtype:trojan-activity;sid:84329338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ce549e8-3051-428a-a71b-b48f204ac3cd/downloads/rapid_router_level_43_solution.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466231/; classtype:trojan-activity;sid:84329331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466232)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0620bed2-a9d8-4f06-ab8c-173ea1a60a70/downloads/jijegarazomimubusawogam.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466232/; classtype:trojan-activity;sid:84329332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466233)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/matunekuv.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466233/; classtype:trojan-activity;sid:84329333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/statsafe_3000_msds.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466230/; classtype:trojan-activity;sid:84329330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/82647770508.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466221/; classtype:trojan-activity;sid:84329321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466222)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee3e2894-0337-41f6-9371-caecf7034a22/downloads/26991821255.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466222/; classtype:trojan-activity;sid:84329322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/gesuzodekutiz.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466226/; classtype:trojan-activity;sid:84329326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466227)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/how_to_register_in_upstox.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466227/; classtype:trojan-activity;sid:84329327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/exercises_for_trigger_thumb.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466228/; classtype:trojan-activity;sid:84329328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466229)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/132d13c5-3f89-41bf-85b4-d1a24ddcf61c/downloads/nosiwevixina.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466229/; classtype:trojan-activity;sid:84329329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a56a106f-21b9-46c2-b5bc-12461919334c/downloads/vurarufa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466215/; classtype:trojan-activity;sid:84329315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466217)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_get_a_wire_transfer_receipt_chase.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466217/; classtype:trojan-activity;sid:84329317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/3175972790.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466219/; classtype:trojan-activity;sid:84329319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/apex_sl_vibration_controller_manual.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466213/; classtype:trojan-activity;sid:84329313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nakozixuwelafi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466214/; classtype:trojan-activity;sid:84329314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mobesapovasag.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466205/; classtype:trojan-activity;sid:84329305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/imperial_vernier_caliper_worksheet.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466206/; classtype:trojan-activity;sid:84329306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e2ab423c-1813-4cd0-becb-6a8adbf01641/downloads/ribafimimeriledok.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466207/; classtype:trojan-activity;sid:84329307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/62228929609.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466208/; classtype:trojan-activity;sid:84329308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/91a706e9-d066-47d7-89af-69535d865c3d/downloads/carteirinha_de_estudante_falsa_em.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466209/; classtype:trojan-activity;sid:84329309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/35740879646.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466196/; classtype:trojan-activity;sid:84329296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466201)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/zeneliginuboripiriza.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466201/; classtype:trojan-activity;sid:84329301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6bb5c8cf-e89d-49c0-aeeb-7278d39f6b32/downloads/fiche_grcf_bts_gpme.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466202/; classtype:trojan-activity;sid:84329302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/77724997403.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466193/; classtype:trojan-activity;sid:84329293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/xinunivigaxelifujukedo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466181/; classtype:trojan-activity;sid:84329281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466182)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/pidipaxiworoguvosifap.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466182/; classtype:trojan-activity;sid:84329282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466183)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rent_receipt_format_in_ms_word.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466183/; classtype:trojan-activity;sid:84329283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nipipuk.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466184/; classtype:trojan-activity;sid:84329284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466185)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/67271829455.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466185/; classtype:trojan-activity;sid:84329285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/57390845107.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466186/; classtype:trojan-activity;sid:84329286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/45659404876.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466187/; classtype:trojan-activity;sid:84329287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466189)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/80200009732.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466189/; classtype:trojan-activity;sid:84329289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a657e0c-a872-4028-94b8-811aea249c49/downloads/shl_general_ability_test_answers_reddit.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466190/; classtype:trojan-activity;sid:84329290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06823f9b-45c4-43cb-a44f-1f9f645cebcf/downloads/32406777299.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466175/; classtype:trojan-activity;sid:84329275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/7694747911.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466177/; classtype:trojan-activity;sid:84329277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466178)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/danokubiwen.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466178/; classtype:trojan-activity;sid:84329278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466179)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/xibuvajuxaluvotom.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466179/; classtype:trojan-activity;sid:84329279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/8393439781.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466180/; classtype:trojan-activity;sid:84329280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466170)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/redoripedigi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466170/; classtype:trojan-activity;sid:84329270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_cancel_print_job_on_zebra_gk420d.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466172/; classtype:trojan-activity;sid:84329272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466169)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b83dcfc0-bbe6-4498-b356-e365ec2ed396/downloads/zofafiba.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466169/; classtype:trojan-activity;sid:84329269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466161)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/les_jours_de_la_semaine_exercices.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466161/; classtype:trojan-activity;sid:84329261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466162)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/90213521835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466162/; classtype:trojan-activity;sid:84329262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/28725733968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466154/; classtype:trojan-activity;sid:84329254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7aa15cc-b2d1-4fef-8a47-8d7810090a9c/downloads/jenuwegipujodunoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466149/; classtype:trojan-activity;sid:84329249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dowuvibatekijutajuvavu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466151/; classtype:trojan-activity;sid:84329251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/14196656823.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466152/; classtype:trojan-activity;sid:84329252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466153)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44a9091e-2134-47ec-8037-250483142ad3/downloads/kenmore_elite_665.12783_k311_service_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466153/; classtype:trojan-activity;sid:84329253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466144)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/50362295282.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466144/; classtype:trojan-activity;sid:84329244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466145)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/navy_uic_code_list.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466145/; classtype:trojan-activity;sid:84329245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f2acd38-413e-47a5-ac42-d6305581bfab/downloads/logerafanekox.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466147/; classtype:trojan-activity;sid:84329247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466140)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/zakojamoderuvovu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466140/; classtype:trojan-activity;sid:84329240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/successfactors_recruiting_implementation_guide.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466133/; classtype:trojan-activity;sid:84329233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466134)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/97474238027.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466134/; classtype:trojan-activity;sid:84329234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddcbbbab-f8a6-4067-a450-a2f971a66e79/downloads/daikin_ac_remote_control_guide.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466135/; classtype:trojan-activity;sid:84329235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/lebuk.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466138/; classtype:trojan-activity;sid:84329238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466139)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/71642361311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466139/; classtype:trojan-activity;sid:84329239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466128)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kumujadirifokekikivexe.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466128/; classtype:trojan-activity;sid:84329228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466130)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/2818265442.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466130/; classtype:trojan-activity;sid:84329230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/examenes_psicometricos_pruebas_psicometricas_gratis_para_imp.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466132/; classtype:trojan-activity;sid:84329232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466122)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4252a31f-7a57-4ac8-a31e-ee71b2361194/downloads/61162239689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466122/; classtype:trojan-activity;sid:84329222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/43b3ecff-25d4-4371-99a8-6df485cf4fd5/downloads/amoeba_sisters_classification_worksheet.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466125/; classtype:trojan-activity;sid:84329225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/fundamentals_of_power_supply_design_book.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466115/; classtype:trojan-activity;sid:84329215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466116/; classtype:trojan-activity;sid:84329216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15938565950.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466117/; classtype:trojan-activity;sid:84329217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466107)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5271715-d4c2-447f-bd8c-804dbc17722c/downloads/experience_certificate_format_for_quality_control_engineer.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466107/; classtype:trojan-activity;sid:84329207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b7f80b5-fb34-497d-8072-447feb44da09/downloads/lewamagoromizesa.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466109/; classtype:trojan-activity;sid:84329209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/courier_declaration_format.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466110/; classtype:trojan-activity;sid:84329210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466104)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruripumefenezalizaf.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466104/; classtype:trojan-activity;sid:84329204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/32a18e69-8d9d-488c-b50f-45023ca24343/downloads/87353354077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466101/; classtype:trojan-activity;sid:84329201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20305303180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466092/; classtype:trojan-activity;sid:84329192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/kutapodisub.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466099/; classtype:trojan-activity;sid:84329199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0919b7e4-2541-44dd-b945-9d5e6d22eaf1/downloads/xibegakibojonabawaz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466100/; classtype:trojan-activity;sid:84329200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/doxuwiponubagexotabos.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466083/; classtype:trojan-activity;sid:84329183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466084)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/54308720858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466084/; classtype:trojan-activity;sid:84329184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/gomanelakog.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466085/; classtype:trojan-activity;sid:84329185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466089)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/nx_nastran_element_library_reference_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466089/; classtype:trojan-activity;sid:84329189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/collibra_expert_i_certification_answers_sheet_download_2017.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466074/; classtype:trojan-activity;sid:84329174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4ec11559-69c0-4903-84a6-3240babfcfe7/downloads/lapagikevipewijumodoru.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466075/; classtype:trojan-activity;sid:84329175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466076)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/formulaire_virement_international_banque_postale.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466076/; classtype:trojan-activity;sid:84329176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/96273346643.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466078/; classtype:trojan-activity;sid:84329178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1feaf4a2-3a85-48bd-b975-ab8d5bcee640/downloads/30816276176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466079/; classtype:trojan-activity;sid:84329179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/rent_brokerage_receipt_format_word.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466070/; classtype:trojan-activity;sid:84329170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466071)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8439ca10-a5ac-4299-aa09-54ab615a2090/downloads/bozagororaxurivir.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466071/; classtype:trojan-activity;sid:84329171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/54016191818.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466072/; classtype:trojan-activity;sid:84329172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f0d27cad-ce96-47a4-a6b6-d00149677212/downloads/87562723190.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466073/; classtype:trojan-activity;sid:84329173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/swot_analysis_for_poultry_farming.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466066/; classtype:trojan-activity;sid:84329166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/bosokoxa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466067/; classtype:trojan-activity;sid:84329167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/69034861186.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466063/; classtype:trojan-activity;sid:84329163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/14962502915.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466065/; classtype:trojan-activity;sid:84329165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/42589334771.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466060/; classtype:trojan-activity;sid:84329160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/banksman_hand_signals.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466054/; classtype:trojan-activity;sid:84329154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/5985868832.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466055/; classtype:trojan-activity;sid:84329155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466056)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/voter_list_delhi_2018.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466056/; classtype:trojan-activity;sid:84329156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99737319160.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466058/; classtype:trojan-activity;sid:84329158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466045)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/71653623394.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466045/; classtype:trojan-activity;sid:84329145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466047)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/testing_and_commissioning_of_electrical_equipment.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466047/; classtype:trojan-activity;sid:84329147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466048)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ffc09a0-c9a4-4762-8145-43798f2fda71/downloads/back_to_work_from_maternity_leave_email.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466048/; classtype:trojan-activity;sid:84329148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/xepaxijaniwitofoxipoja.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466049/; classtype:trojan-activity;sid:84329149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de43da9e-bc77-4e56-a909-0e72ba746cf9/downloads/electricity_bill_name_change_noc_format.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466051/; classtype:trojan-activity;sid:84329151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/formulaire_ordre_de_virement_banque_postale.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466052/; classtype:trojan-activity;sid:84329152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/76135669664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466053/; classtype:trojan-activity;sid:84329153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466039)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23ec0b56-0ae7-4e41-8565-08e517b0b386/downloads/gatamalepuberik.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466039/; classtype:trojan-activity;sid:84329139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466040)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/97106569323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466040/; classtype:trojan-activity;sid:84329140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466041)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e3d230e-4918-4f4b-8a10-8ee933aabcaf/downloads/99772344048.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466041/; classtype:trojan-activity;sid:84329141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/wapurexep.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466037/; classtype:trojan-activity;sid:84329137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19668bf7-0111-4cbb-8050-06562ac08bba/downloads/steps_to_create_template_instance_in_tosca.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466032/; classtype:trojan-activity;sid:84329132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/bidoxefemoduxunirez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466033/; classtype:trojan-activity;sid:84329133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466034)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/88817028453.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466034/; classtype:trojan-activity;sid:84329134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/job_work_challan_format_in_excel.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466027/; classtype:trojan-activity;sid:84329127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466028)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34794329-fa5b-49f8-8f60-fb0720b1e556/downloads/14476765670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466028/; classtype:trojan-activity;sid:84329128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/resignation_letter_template_family_reasons.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466015/; classtype:trojan-activity;sid:84329115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/14431999044.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466016/; classtype:trojan-activity;sid:84329116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466017)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/21303726077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466017/; classtype:trojan-activity;sid:84329117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/minupawuferogu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466018/; classtype:trojan-activity;sid:84329118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b071d266-376f-40c9-bb70-11ca77d8051b/downloads/36008974689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466020/; classtype:trojan-activity;sid:84329120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466021)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/60919645191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466021/; classtype:trojan-activity;sid:84329121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/audit_professional_clearance_letter_template.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466022/; classtype:trojan-activity;sid:84329122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30072850819.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466023/; classtype:trojan-activity;sid:84329123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/75213021290.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466024/; classtype:trojan-activity;sid:84329124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/law-making_process_in_zimbabwe.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466025/; classtype:trojan-activity;sid:84329125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/363b8b8c-bdd6-4ad7-ac6c-ba65cd60171b/downloads/abaqus_user_subroutine_reference_guide.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466011/; classtype:trojan-activity;sid:84329111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/85845004614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466014/; classtype:trojan-activity;sid:84329114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466005)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/genuwafazapibiwinowafal.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466005/; classtype:trojan-activity;sid:84329105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20322886839.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466006/; classtype:trojan-activity;sid:84329106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gagibipawuzepakan.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466008/; classtype:trojan-activity;sid:84329108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/sample_authorization_letter_to_get_psa_marriage_certificate.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466002/; classtype:trojan-activity;sid:84329102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/8517821794.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465993/; classtype:trojan-activity;sid:84329093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465994)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/padanad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465994/; classtype:trojan-activity;sid:84329094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465995)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9971747c-d991-46ae-b932-5ba73958e604/downloads/fojajexuretimototatoles.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465995/; classtype:trojan-activity;sid:84329095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mosodekasaxozebopajebibe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465996/; classtype:trojan-activity;sid:84329096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/30164245456.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465997/; classtype:trojan-activity;sid:84329097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f264223f-22e7-47f1-947d-9e365a75e217/downloads/96358679127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465999/; classtype:trojan-activity;sid:84329099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f65856df-6ee2-426f-901a-fbcb5106e767/downloads/22057173676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466000/; classtype:trojan-activity;sid:84329100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/butterfly_roof_construction_detail.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465984/; classtype:trojan-activity;sid:84329084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/baxejatoxenidomixidedax.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465985/; classtype:trojan-activity;sid:84329085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/17465496427.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465986/; classtype:trojan-activity;sid:84329086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/zabefenakozevopesomewazi.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465989/; classtype:trojan-activity;sid:84329089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465990)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/zoromipubadijivonexon.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465990/; classtype:trojan-activity;sid:84329090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/jaladimurefasetuzukiwaxit.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465991/; classtype:trojan-activity;sid:84329091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wofalobomosotanavuze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465992/; classtype:trojan-activity;sid:84329092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465980)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0d21a9d5-01df-4a9e-9327-883996b2f71d/downloads/ansi_electrical_symbols_standards.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465980/; classtype:trojan-activity;sid:84329080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465974)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a435afa7-bc93-481f-8a35-ce503cc8a972/downloads/sri_rudram_namakam_chamakam_tamil.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465974/; classtype:trojan-activity;sid:84329074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/tumiwujuluxuwaxi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465975/; classtype:trojan-activity;sid:84329075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465977)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/denutetoraditut.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465977/; classtype:trojan-activity;sid:84329077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465961)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/bifidetogatovotuwideki.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465961/; classtype:trojan-activity;sid:84329061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465962)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/baroque_guitar_tab.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465962/; classtype:trojan-activity;sid:84329062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465963)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7f34267e-2563-449a-82e3-60f19988c45d/downloads/lic_jeevan_saral_plan_165_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465963/; classtype:trojan-activity;sid:84329063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465965)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/69187265192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465965/; classtype:trojan-activity;sid:84329065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d551812a-3c47-48f1-bc1d-3ac42c3f246c/downloads/rigumudusogepivana.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465968/; classtype:trojan-activity;sid:84329068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/5528845131.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465969/; classtype:trojan-activity;sid:84329069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/74129229699.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465971/; classtype:trojan-activity;sid:84329071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/cancionero_catolico_jesed.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465972/; classtype:trojan-activity;sid:84329072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/historietas_del_medio_ambiente_largas.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465957/; classtype:trojan-activity;sid:84329057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465955)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/62049175170.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465955/; classtype:trojan-activity;sid:84329055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465949)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/10908647555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465949/; classtype:trojan-activity;sid:84329049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/maxabamuxixotabevifutiw.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465951/; classtype:trojan-activity;sid:84329051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465953)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/downgrade_oracle_database_from_19c_to_11g.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465953/; classtype:trojan-activity;sid:84329053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465942)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ba9b549d-a804-4d13-a818-3c55b3524acd/downloads/75189909272.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465942/; classtype:trojan-activity;sid:84329042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465945)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/individual_development_plan_powerpoint_template.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465945/; classtype:trojan-activity;sid:84329045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/64954946228.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465946/; classtype:trojan-activity;sid:84329046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465939)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/bapozujipo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465939/; classtype:trojan-activity;sid:84329039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4872c6d8-aa46-4e32-b809-43d741337793/downloads/74841624584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465931/; classtype:trojan-activity;sid:84329031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465932)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a90d4c9-f215-49ec-8178-8e50febf5250/downloads/tedutogonisijetinikiw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465932/; classtype:trojan-activity;sid:84329032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/wipofuta.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465933/; classtype:trojan-activity;sid:84329033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4cb1e8a7-0f1a-4c3a-ae4d-65ac09f78b80/downloads/fenekipejivatoxeni.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465935/; classtype:trojan-activity;sid:84329035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/wolarodipuxusisug.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465937/; classtype:trojan-activity;sid:84329037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c3be0091-4534-4191-a72e-570acc745d3e/downloads/attestation_de_prise_en_charge_tlscontact.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465938/; classtype:trojan-activity;sid:84329038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa4295b9-8c98-4187-bbf8-91c9d7ce5f9e/downloads/89606848887.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465924/; classtype:trojan-activity;sid:84329024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465926)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44d0963d-ba71-4620-abdb-e3c6631b392b/downloads/balance_confirmation_letter_format_in_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465926/; classtype:trojan-activity;sid:84329026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/rollo_tomassi_the_rational_male_turkce.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465912/; classtype:trojan-activity;sid:84329012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465914)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800bda9c-ed1b-45a1-a7d5-702e4e14f980/downloads/pmp_42_processes_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465914/; classtype:trojan-activity;sid:84329014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/86917927693.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465915/; classtype:trojan-activity;sid:84329015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/methodologie_du_commentaire_compose_francais.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465916/; classtype:trojan-activity;sid:84329016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gauss_elimination_method_example_with_solution.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465919/; classtype:trojan-activity;sid:84329019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5f03ee03-a319-4a1e-a052-a99710c59365/downloads/bujulodipesotixugakujup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465910/; classtype:trojan-activity;sid:84329010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465906)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/hsbc_bank_statement.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465906/; classtype:trojan-activity;sid:84329006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/94e1955e-c7d2-4e11-a6ac-7a5ec652d6cd/downloads/suzuki_dt4_owners_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465909/; classtype:trojan-activity;sid:84329009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f5eeb54-04ec-4a30-bb55-41e413d1f3ed/downloads/open_pit_mine_planning_and_design.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465903/; classtype:trojan-activity;sid:84329003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ceb9a026-f6c4-4e26-a968-d8e0e8d06aaa/downloads/tevedowopalugafaxoro.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465904/; classtype:trojan-activity;sid:84329004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adb32098-1c7a-4519-9e53-ced990fc5d88/downloads/kuniwuzujujurejovewo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465905/; classtype:trojan-activity;sid:84329005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465896)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/76236294804.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465896/; classtype:trojan-activity;sid:84328996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/pamolitix.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465897/; classtype:trojan-activity;sid:84328997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/42508658220.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465898/; classtype:trojan-activity;sid:84328998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sotax_at_xtend_user_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465885/; classtype:trojan-activity;sid:84328985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465886)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/wovivesapo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465886/; classtype:trojan-activity;sid:84328986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465888)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sample_consent_letter_from_husband_for_wife_to_travel.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465888/; classtype:trojan-activity;sid:84328988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465889)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/formulaire_renouvellement_titre_de_sejour_yvelines.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465889/; classtype:trojan-activity;sid:84328989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465891)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/98599689697.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465891/; classtype:trojan-activity;sid:84328991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465892)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/92007305293.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465892/; classtype:trojan-activity;sid:84328992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/duff_phelps_size_premium.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465893/; classtype:trojan-activity;sid:84328993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9213334f-b8c6-41b2-903d-dc8cc5791a0a/downloads/49429599069.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465881/; classtype:trojan-activity;sid:84328981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/22187922858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465882/; classtype:trojan-activity;sid:84328982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/nafexasu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465876/; classtype:trojan-activity;sid:84328976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465878)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99401481523.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465878/; classtype:trojan-activity;sid:84328978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465879)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/harry_potter_ea_camara_secreta_ilustrado.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465879/; classtype:trojan-activity;sid:84328979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/all_gujarati_magazine.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465870/; classtype:trojan-activity;sid:84328970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465871)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/34103705134.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465871/; classtype:trojan-activity;sid:84328971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/nagpur_metro_phase_2_dpr.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465872/; classtype:trojan-activity;sid:84328972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/99406712648.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465873/; classtype:trojan-activity;sid:84328973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465874)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96d7062c-715f-4c9e-82c2-ac322bf04d1a/downloads/fawafep.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465874/; classtype:trojan-activity;sid:84328974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/28185631859.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465875/; classtype:trojan-activity;sid:84328975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465865)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/renamotoxuxesike.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465865/; classtype:trojan-activity;sid:84328965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/wixutazavadupiruzani.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465866/; classtype:trojan-activity;sid:84328966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/vixodamev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465864/; classtype:trojan-activity;sid:84328964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pulse_secure_network_error_1329.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465852/; classtype:trojan-activity;sid:84328952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/cibse_psychrometric_chart.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465853/; classtype:trojan-activity;sid:84328953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465857)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/citrix_adc_vpx_datasheet.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465857/; classtype:trojan-activity;sid:84328957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cac64821-2205-4248-abd9-55e775312c94/downloads/rosigamosusen.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465847/; classtype:trojan-activity;sid:84328947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/fosofiboma.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465848/; classtype:trojan-activity;sid:84328948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465850)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/600b6853-9b14-40c4-b9d1-c0a10f9ad1eb/downloads/mathematics_core_topics_sl.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465850/; classtype:trojan-activity;sid:84328950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6e0acf5f-e652-447e-8a3a-90dcb81c48ee/downloads/loan_cancellation_letter.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465843/; classtype:trojan-activity;sid:84328943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465844)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/workplace_printable_hurt_feelings_report.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465844/; classtype:trojan-activity;sid:84328944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465845/; classtype:trojan-activity;sid:84328945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/58616986475.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465833/; classtype:trojan-activity;sid:84328933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465835)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/one_of_us_is_lying_character_quotes.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465835/; classtype:trojan-activity;sid:84328935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/jewuzikilodejosowar.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465839/; classtype:trojan-activity;sid:84328939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465825)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72fc6eb8-20de-4439-bced-6bfc7eecaa8e/downloads/bogev.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465825/; classtype:trojan-activity;sid:84328925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465826)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58b13a51-176b-4b7e-ab1e-a0c84e7a5487/downloads/currency_market_mechanics_bmc_answers.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465826/; classtype:trojan-activity;sid:84328926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/018aefd4-3541-4598-a5c3-d0911ca60a82/downloads/asce_7-05_espanol_gratis.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465827/; classtype:trojan-activity;sid:84328927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tifunakarexefeguwitoda.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465828/; classtype:trojan-activity;sid:84328928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465829)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06a2cc2e-f4bb-4ca4-a0d9-71e2fc8b7812/downloads/molaxoxekex.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465829/; classtype:trojan-activity;sid:84328929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/iata_airport_handling_manual_2019_full.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465830/; classtype:trojan-activity;sid:84328930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c1bf3ae2-f6cc-4078-b639-2ff1ca0b62be/downloads/1172286111.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465831/; classtype:trojan-activity;sid:84328931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/euchre_score_sheets_for_16_players.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465832/; classtype:trojan-activity;sid:84328932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465820)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dungeon_crawl_classics.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465820/; classtype:trojan-activity;sid:84328920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465804)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/69904656893.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465804/; classtype:trojan-activity;sid:84328904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465806)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/emmaus_walk_letters_of_encouragement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465806/; classtype:trojan-activity;sid:84328906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465809)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fc635392-61de-40bc-86f0-c9844fcf30fd/downloads/gramatica_portugues_brasil.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465809/; classtype:trojan-activity;sid:84328909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/647bfca3-c5f6-48a0-9ec3-35afde17c6e3/downloads/gamokul.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465814/; classtype:trojan-activity;sid:84328914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465815)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa284320-69aa-45db-92e2-86468d4beaf0/downloads/53174458267.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465815/; classtype:trojan-activity;sid:84328915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465795)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/nike_employee_benefits.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465795/; classtype:trojan-activity;sid:84328895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/97767745983.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465798/; classtype:trojan-activity;sid:84328898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/country_of_origin_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465799/; classtype:trojan-activity;sid:84328899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/39834772333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465802/; classtype:trojan-activity;sid:84328902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rofaruzev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465790/; classtype:trojan-activity;sid:84328890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/verismo_701_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465791/; classtype:trojan-activity;sid:84328891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rodudiniruzawame.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465792/; classtype:trojan-activity;sid:84328892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465785)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3c8f7a45-f68c-4369-8f63-be6429599400/downloads/butulanimirovubeve.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465785/; classtype:trojan-activity;sid:84328885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/gisewonivikamadoliwozuv.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465786/; classtype:trojan-activity;sid:84328886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d1335ae9-6401-4997-a89d-ffce5d766eb7/downloads/44332900662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465787/; classtype:trojan-activity;sid:84328887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/nagano_keiki_km10.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465779/; classtype:trojan-activity;sid:84328879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/76488986948.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465781/; classtype:trojan-activity;sid:84328881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac62f849-5623-435a-93ad-86e4d8edc83e/downloads/90625111849.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465782/; classtype:trojan-activity;sid:84328882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72445144906.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465772/; classtype:trojan-activity;sid:84328872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/wrightbus_streetlite_manual.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465773/; classtype:trojan-activity;sid:84328873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465776)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/waste_management_in_dubai.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465776/; classtype:trojan-activity;sid:84328876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/chevening_scholarship_reference_letter_sample.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465777/; classtype:trojan-activity;sid:84328877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/14409296375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465778/; classtype:trojan-activity;sid:84328878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465766)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/unit_conversion_practice_problems.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465766/; classtype:trojan-activity;sid:84328866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/11197801286.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465768/; classtype:trojan-activity;sid:84328868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465769)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/41229957036.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465769/; classtype:trojan-activity;sid:84328869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/konujidav.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465771/; classtype:trojan-activity;sid:84328871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465760)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/burijuterapudupelirebi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465760/; classtype:trojan-activity;sid:84328860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a85f54ee-11f7-4ab3-9970-dabd8f52d583/downloads/vowivovabafases.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465761/; classtype:trojan-activity;sid:84328861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/acb19439-02ad-48ae-a6e4-8c3bfce04694/downloads/32470708569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465762/; classtype:trojan-activity;sid:84328862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xikesoxabafubuwepof.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465763/; classtype:trojan-activity;sid:84328863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/2251478862.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465764/; classtype:trojan-activity;sid:84328864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465765)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9d0d7648-4006-4e9a-bf4e-cd4f5c534844/downloads/socomec_ups_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465765/; classtype:trojan-activity;sid:84328865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465757)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6098867423.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465757/; classtype:trojan-activity;sid:84328857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_write_an_introduction_letter_to_an_embassy.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465758/; classtype:trojan-activity;sid:84328858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/38265042738.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465755/; classtype:trojan-activity;sid:84328855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/183feb73-c001-4172-a9c4-8aedcbb9c085/downloads/nosasasoxanuxoxazefuz.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465747/; classtype:trojan-activity;sid:84328847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465749)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gibekewelodi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465749/; classtype:trojan-activity;sid:84328849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465752)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/16395777837.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465752/; classtype:trojan-activity;sid:84328852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/jspdf_autotable_x_position.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465753/; classtype:trojan-activity;sid:84328853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465739)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/cerere_demisie_fara_preaviz.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465739/; classtype:trojan-activity;sid:84328839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0fde6049-38a2-402e-8604-5a56fc977486/downloads/request_letter_for_construction_bond_refund.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465740/; classtype:trojan-activity;sid:84328840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465741)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdd5ea6e-1f6b-4417-9fad-928f6d1c8a68/downloads/50_verbes_irreguliers_en_anglais.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465741/; classtype:trojan-activity;sid:84328841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/molecular_mass_of_elements_list.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465742/; classtype:trojan-activity;sid:84328842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465744)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/69278806631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465744/; classtype:trojan-activity;sid:84328844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465735)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/nonisenokedevesuxumuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465735/; classtype:trojan-activity;sid:84328835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/mesoduwegotujowokikurixo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465729/; classtype:trojan-activity;sid:84328829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_fill_up_deed_of_sale_of_motor_vehicle.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465731/; classtype:trojan-activity;sid:84328831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33d2c907-2bf6-4426-875f-30dcfdd2ea6c/downloads/takeshi_amemiya_advanced_econometrics.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465724/; classtype:trojan-activity;sid:84328824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465725)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/paxakuvenu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465725/; classtype:trojan-activity;sid:84328825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51d0d552-51a2-4187-835e-597cbad426c9/downloads/astm_e2500.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465715/; classtype:trojan-activity;sid:84328815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/16407212514.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465716/; classtype:trojan-activity;sid:84328816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/mewivisonixapolivifit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465717/; classtype:trojan-activity;sid:84328817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465718)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5778216d-14df-4dd7-ac4c-aefbb7c07c24/downloads/kugaduvekujewotaz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465718/; classtype:trojan-activity;sid:84328818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tafanavevimewom.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465719/; classtype:trojan-activity;sid:84328819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lemowegigusazisalelupo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465721/; classtype:trojan-activity;sid:84328821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465722)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5add4dbc-ec7d-4010-9077-0d95eef82ba1/downloads/64293794102.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465722/; classtype:trojan-activity;sid:84328822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465723)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a7c970be-6487-407b-ae67-0318aa6bed96/downloads/19932307165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465723/; classtype:trojan-activity;sid:84328823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465709)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/lowasa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465709/; classtype:trojan-activity;sid:84328809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/19999334835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465710/; classtype:trojan-activity;sid:84328810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/921a43a6-1495-4d95-bdb1-69b79162b826/downloads/13397059696.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465711/; classtype:trojan-activity;sid:84328811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465714)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b3cb2fd2-80cf-4497-9966-46f7699e136d/downloads/kovajive.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465714/; classtype:trojan-activity;sid:84328814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465707)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/49bbfdeb-576f-4f20-b756-96ff9c705013/downloads/96422280236.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465707/; classtype:trojan-activity;sid:84328807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/imo_dangerous_goods_declaration_example.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465708/; classtype:trojan-activity;sid:84328808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465703)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/88847399269.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465703/; classtype:trojan-activity;sid:84328803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465704)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdb9e382-acbe-48dd-9722-c531572d81a1/downloads/pugalisamelifakebage.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465704/; classtype:trojan-activity;sid:84328804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/89463890604.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465697/; classtype:trojan-activity;sid:84328797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465699)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/lotumajufinunixine.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465699/; classtype:trojan-activity;sid:84328799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465701)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9951c46-77aa-4ac5-b843-be02d4be2067/downloads/50826134191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465701/; classtype:trojan-activity;sid:84328801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kasupobuwomubafujos.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465702/; classtype:trojan-activity;sid:84328802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/jotepebuzixulelomizo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465691/; classtype:trojan-activity;sid:84328791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465692)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/83320615193.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465692/; classtype:trojan-activity;sid:84328792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465693)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/radix_temperature_controller_x_48_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465693/; classtype:trojan-activity;sid:84328793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/24a9af23-a9c8-45b6-80f8-335651f17510/downloads/96094090900.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465694/; classtype:trojan-activity;sid:84328794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/22a15b49-22b8-4edf-a855-4e76194b4aaf/downloads/97812412729.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465695/; classtype:trojan-activity;sid:84328795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465685)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/lizaputasu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465685/; classtype:trojan-activity;sid:84328785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/boxikijefedajexufesibul.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465679/; classtype:trojan-activity;sid:84328779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465680)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11012613986.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465680/; classtype:trojan-activity;sid:84328780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bucharest_grill_nutrition_information.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465682/; classtype:trojan-activity;sid:84328782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465683)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3844a76d-a274-4a3a-ad7f-2943a29e37b3/downloads/lezopidigusaraten.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465683/; classtype:trojan-activity;sid:84328783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465675)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/guia_para_ingresar_al_bachillerato_conamat.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465675/; classtype:trojan-activity;sid:84328775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465678)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/robaziromumeborumapix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465678/; classtype:trojan-activity;sid:84328778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/5252998215.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465671/; classtype:trojan-activity;sid:84328771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465672)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/36758652154.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465672/; classtype:trojan-activity;sid:84328772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465673)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/73577237968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465673/; classtype:trojan-activity;sid:84328773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465657)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/louison_et_monsieur_moliere_resume.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465657/; classtype:trojan-activity;sid:84328757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465660)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a03fd264-622c-49da-819e-92c49cdd5e2b/downloads/xovifubakuforij.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465660/; classtype:trojan-activity;sid:84328760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rupesiduvunimekesozo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465663/; classtype:trojan-activity;sid:84328763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/special_forces_knife_techniques.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465664/; classtype:trojan-activity;sid:84328764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465665)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/90645579432.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465665/; classtype:trojan-activity;sid:84328765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/6130931006.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465666/; classtype:trojan-activity;sid:84328766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/camp_green_lake.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465667/; classtype:trojan-activity;sid:84328767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465668)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/27628335796.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465668/; classtype:trojan-activity;sid:84328768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465655)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/eating_questionnaire-_a_ede-a_scoring.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465655/; classtype:trojan-activity;sid:84328755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/myer_victor_sewing_machine_manual.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465652/; classtype:trojan-activity;sid:84328752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465647)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/jorejujavupu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465647/; classtype:trojan-activity;sid:84328747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41fa09f3-79bd-43c0-909a-d1a20c3cb7f6/downloads/attestation_sur_l_honneur_de_non_ressources.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465648/; classtype:trojan-activity;sid:84328748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465649)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb7f2f0c-e896-4e47-abeb-a05a47b6dcff/downloads/37569138292.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465649/; classtype:trojan-activity;sid:84328749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465630)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/98482064700.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465630/; classtype:trojan-activity;sid:84328730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465631)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/83364999300.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465631/; classtype:trojan-activity;sid:84328731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/records_of_declaration_disbursements_division.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465632/; classtype:trojan-activity;sid:84328732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6084bd9-50ce-4d5f-82c5-bb685cd57a0d/downloads/mdsap_audit_checklist.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465633/; classtype:trojan-activity;sid:84328733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/jaziz.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465635/; classtype:trojan-activity;sid:84328735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465636)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a74441e7-424c-4454-9bc5-28c3682f6c16/downloads/jupifevaperoziput.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465636/; classtype:trojan-activity;sid:84328736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465637)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f778edfd-e481-47d7-9553-9364d433dcaf/downloads/morningstar_andex_chart_2022.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465637/; classtype:trojan-activity;sid:84328737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465638)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cabcb3ce-a861-487f-a172-56f4b47cbc63/downloads/nilefovidigutozezosanuz.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465638/; classtype:trojan-activity;sid:84328738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/39892598323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465640/; classtype:trojan-activity;sid:84328740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00810c7d-a901-42bd-b2e3-20945a4ad8cb/downloads/wimorawezabizu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465641/; classtype:trojan-activity;sid:84328741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/viduwe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465642/; classtype:trojan-activity;sid:84328742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465643)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a1b48068-f219-4487-b633-0ea4f25dfa5f/downloads/57025089155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465643/; classtype:trojan-activity;sid:84328743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00490ec0-0f24-4e25-91e3-8e5bedec5e60/downloads/woxudinawonetunogidubi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465625/; classtype:trojan-activity;sid:84328725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/16984198490.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465626/; classtype:trojan-activity;sid:84328726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33bb6cfc-294d-4317-8afb-5d34ed60ffe6/downloads/20222176664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465622/; classtype:trojan-activity;sid:84328722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465618)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/72454635563.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465618/; classtype:trojan-activity;sid:84328718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465621)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pisaxafubavofi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465621/; classtype:trojan-activity;sid:84328721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/catastrophic_disaster_area_property_inspection_report.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465613/; classtype:trojan-activity;sid:84328713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465615)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/citadel_document_solutions_lawsuit.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465615/; classtype:trojan-activity;sid:84328715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fumaxogufav.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465607/; classtype:trojan-activity;sid:84328707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kigepobesewizijipakusafal.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465610/; classtype:trojan-activity;sid:84328710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tabuas_sumerias_traduzidas.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465600/; classtype:trojan-activity;sid:84328700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/17054728623.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465603/; classtype:trojan-activity;sid:84328703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/678cd2ef-32fa-4621-9c35-e4f34096b4ea/downloads/airbus_cml.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465604/; classtype:trojan-activity;sid:84328704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/3730146334.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465605/; classtype:trojan-activity;sid:84328705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36770579775.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465606/; classtype:trojan-activity;sid:84328706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/luxodebapiruwuneragomugef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465594/; classtype:trojan-activity;sid:84328694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/87554570559.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465598/; classtype:trojan-activity;sid:84328698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465599)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fff11fc4-91ee-4c26-ab94-6b71630d2bb1/downloads/resignation_letter_sample_for_bpo_company.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465599/; classtype:trojan-activity;sid:84328699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465586)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/84675915071.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465586/; classtype:trojan-activity;sid:84328686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465588)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17a8127f-1a20-4f1c-a234-ba1b1a8873f5/downloads/90572854820.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465588/; classtype:trojan-activity;sid:84328688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465589)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/78534035283.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465589/; classtype:trojan-activity;sid:84328689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465590)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wudofe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465590/; classtype:trojan-activity;sid:84328690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465592)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/glassman_high_voltage_series_eq_manual.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465592/; classtype:trojan-activity;sid:84328692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/57653563602.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465593/; classtype:trojan-activity;sid:84328693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/343166b6-b38d-45a3-a768-806295759a1d/downloads/vatemunubiserotogurozem.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465585/; classtype:trojan-activity;sid:84328685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465582)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/simamutozudolejezeze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465582/; classtype:trojan-activity;sid:84328682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a8a7b266-73df-492a-af50-f7d9f90e0e6d/downloads/salesforce_community_developer_guide.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465583/; classtype:trojan-activity;sid:84328683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/zepojekowokevi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465572/; classtype:trojan-activity;sid:84328672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465573)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2cd8ef37-3f02-4d83-b132-5400b0b21173/downloads/can_sins_be_forgiven_in_hinduism.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465573/; classtype:trojan-activity;sid:84328673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465574)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9390f2de-e8f5-48e5-8f1b-3aa5affb2913/downloads/ra_to_surface_finish.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465574/; classtype:trojan-activity;sid:84328674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465577)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/holman_enterprises_annual_report.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465577/; classtype:trojan-activity;sid:84328677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/chiller_factory_acceptance_test_checklist_template.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465551/; classtype:trojan-activity;sid:84328651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7913e2d4-0776-44f0-af91-53eb35e22f50/downloads/broken_sous_ta_peau_2_ekladata.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465552/; classtype:trojan-activity;sid:84328652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/lujipipatemajipurozurile.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465553/; classtype:trojan-activity;sid:84328653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465554)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/sottoindicato_o_sotto_indicato_treccani.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465554/; classtype:trojan-activity;sid:84328654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465555)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62fde782-5483-4905-a6da-12e04ab1250b/downloads/38559734752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465555/; classtype:trojan-activity;sid:84328655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dfa50dfd-b675-4866-b542-d79684ac1045/downloads/28769720040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465556/; classtype:trojan-activity;sid:84328656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/formato_st-4_imss_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465557/; classtype:trojan-activity;sid:84328657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adfd48e6-08dc-41dd-a2a1-45489e329c75/downloads/attestation_de_non_affiliation_cnas.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465558/; classtype:trojan-activity;sid:84328658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tosca_automation_specialist_level_2_certification_questions_.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465559/; classtype:trojan-activity;sid:84328659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465560)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/how_to_factory_reset_verifone_mx915.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465560/; classtype:trojan-activity;sid:84328660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/frm_part_2_schweser_quicksheet.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465561/; classtype:trojan-activity;sid:84328661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/incucyte_s3_user_guide.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465562/; classtype:trojan-activity;sid:84328662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/lean_visual_management_board_examples.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465563/; classtype:trojan-activity;sid:84328663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/1567746722.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465564/; classtype:trojan-activity;sid:84328664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/xujudodavudejeb.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465565/; classtype:trojan-activity;sid:84328665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/situation_denonciation_coupe_ou_ancre_exercices_corriges.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465566/; classtype:trojan-activity;sid:84328666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wikuzidip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465567/; classtype:trojan-activity;sid:84328667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/87185669225.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465568/; classtype:trojan-activity;sid:84328668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/likibixeve.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465569/; classtype:trojan-activity;sid:84328669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465570)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/exsilentia_4._0_user_guide.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465570/; classtype:trojan-activity;sid:84328670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/586b3ef6-c9db-4d1a-a9eb-303f942e21fa/downloads/55359157176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465571/; classtype:trojan-activity;sid:84328671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465210)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kjjvh1muhjrkrzbajjlzjfawyi0zvxc1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465210/; classtype:trojan-activity;sid:84328310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464706)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wupiao.3987.com.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"forspeed.onlinedown.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464706/; classtype:trojan-activity;sid:84327806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.151.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464361/; classtype:trojan-activity;sid:84327461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.52.36.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463546/; classtype:trojan-activity;sid:84326646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463509)"; flow:established,from_client; content:"GET"; http_method; content:"/up/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blessdayservices.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463509/; classtype:trojan-activity;sid:84326609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463480)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"admin.gestroom.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463480/; classtype:trojan-activity;sid:84326580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463481)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"test.peperoncinochepassione.it"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463481/; classtype:trojan-activity;sid:84326581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463482)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"first-security-verden.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463482/; classtype:trojan-activity;sid:84326582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463470)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.first-security-verden.de"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463470/; classtype:trojan-activity;sid:84326570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463472)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"zamilgroups.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463472/; classtype:trojan-activity;sid:84326572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463459)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.website.mypetapp.co.za"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463459/; classtype:trojan-activity;sid:84326559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463446)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.bratusferramentas.grupomoltz.com.br"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463446/; classtype:trojan-activity;sid:84326546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463437)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"website.mypetapp.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463437/; classtype:trojan-activity;sid:84326537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bmdcompany.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463426/; classtype:trojan-activity;sid:84326526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.zamilgroups.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463430/; classtype:trojan-activity;sid:84326530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.test.peperoncinochepassione.it"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463422/; classtype:trojan-activity;sid:84326522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463367)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463367/; classtype:trojan-activity;sid:84326467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463364)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463364/; classtype:trojan-activity;sid:84326464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462395)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64n32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462395/; classtype:trojan-activity;sid:84325495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462396)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce500mc"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462396/; classtype:trojan-activity;sid:84325496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462397)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462397/; classtype:trojan-activity;sid:84325497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462398)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc440fp"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462398/; classtype:trojan-activity;sid:84325498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arcle750d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462399/; classtype:trojan-activity;sid:84325499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e5500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462400/; classtype:trojan-activity;sid:84325500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpce300c3"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462401/; classtype:trojan-activity;sid:84325501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arclehs38"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462402/; classtype:trojan-activity;sid:84325502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462403/; classtype:trojan-activity;sid:84325503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462404/; classtype:trojan-activity;sid:84325504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64power8"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462405/; classtype:trojan-activity;sid:84325505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64lepower8"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462406/; classtype:trojan-activity;sid:84325506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462407/; classtype:trojan-activity;sid:84325507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462408/; classtype:trojan-activity;sid:84325508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462409/; classtype:trojan-activity;sid:84325509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.riscv64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462410/; classtype:trojan-activity;sid:84325510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462411)"; flow:established,from_client; content:"GET"; http_method; content:"/dl1001"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462411/; classtype:trojan-activity;sid:84325511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.sparc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462412/; classtype:trojan-activity;sid:84325512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462413/; classtype:trojan-activity;sid:84325513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462414/; classtype:trojan-activity;sid:84325514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462415)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.powerpc64e6500"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462415/; classtype:trojan-activity;sid:84325515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462416)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.aarch64be"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462416/; classtype:trojan-activity;sid:84325516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64len32"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462417/; classtype:trojan-activity;sid:84325517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462418)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462418/; classtype:trojan-activity;sid:84325518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462419)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.armv5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462419/; classtype:trojan-activity;sid:84325519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461771)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461771/; classtype:trojan-activity;sid:84324871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461769)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461769/; classtype:trojan-activity;sid:84324869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461770)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461770/; classtype:trojan-activity;sid:84324870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461768)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461768/; classtype:trojan-activity;sid:84324868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461767)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461767/; classtype:trojan-activity;sid:84324867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461763)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461763/; classtype:trojan-activity;sid:84324863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461663)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/zip/refs/heads/master"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461663/; classtype:trojan-activity;sid:84324763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461661)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/archive/refs/heads/master.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461661/; classtype:trojan-activity;sid:84324761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461597)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461597/; classtype:trojan-activity;sid:84324697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461595)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461595/; classtype:trojan-activity;sid:84324695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461596)"; flow:established,from_client; content:"GET"; http_method; content:"/x/irq1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461596/; classtype:trojan-activity;sid:84324696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461590)"; flow:established,from_client; content:"GET"; http_method; content:"/x/2sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461590/; classtype:trojan-activity;sid:84324690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461591)"; flow:established,from_client; content:"GET"; http_method; content:"/x/pty"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461591/; classtype:trojan-activity;sid:84324691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461592)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461592/; classtype:trojan-activity;sid:84324692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461593)"; flow:established,from_client; content:"GET"; http_method; content:"/x/3sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"61.215.151.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461593/; classtype:trojan-activity;sid:84324693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460167)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460167/; classtype:trojan-activity;sid:84323267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.62.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460149/; classtype:trojan-activity;sid:84323249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uxmu02r04iaslsrsh9quahzfsvq3tozm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460000/; classtype:trojan-activity;sid:84323100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3459513)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"8.217.202.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3459513/; classtype:trojan-activity;sid:84322613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452200)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452200/; classtype:trojan-activity;sid:84315300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451985)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a147182cc7fab317ca1d96d380f536cb/skidmore1987.pdf"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451985/; classtype:trojan-activity;sid:84315085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.132.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_24; reference:url, urlhaus.abuse.ch/url/3451116/; classtype:trojan-activity;sid:84314216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450176)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/putty.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"book.rollingvideogames.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450176/; classtype:trojan-activity;sid:84313276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450147)"; flow:established,from_client; content:"GET"; http_method; content:"/loveryajenja/lwafmwoafmw11/raw/refs/heads/main/install.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450147/; classtype:trojan-activity;sid:84313247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449986/; classtype:trojan-activity;sid:84313086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449955)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.162.206.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449955/; classtype:trojan-activity;sid:84313055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.236.133.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448910/; classtype:trojan-activity;sid:84312010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3448167)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/a4a27c4e516fb1d80cd91f413c7599f3/soravit2012.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_22; reference:url, urlhaus.abuse.ch/url/3448167/; classtype:trojan-activity;sid:84311267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64le"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447679/; classtype:trojan-activity;sid:84310779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.42.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447681/; classtype:trojan-activity;sid:84310781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.i586"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447670/; classtype:trojan-activity;sid:84310770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64_be"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447671/; classtype:trojan-activity;sid:84310771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447672/; classtype:trojan-activity;sid:84310772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.arm8x64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447673/; classtype:trojan-activity;sid:84310773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mipsle"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447674/; classtype:trojan-activity;sid:84310774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447675/; classtype:trojan-activity;sid:84310775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.mips64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447676/; classtype:trojan-activity;sid:84310776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/whisper.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447677/; classtype:trojan-activity;sid:84310777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447466)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/36b18f37163aaa04654bd21e98d1b842/raw/dca82ba88fae8788a48ffb529f9610a0cc209781/x"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447466/; classtype:trojan-activity;sid:84310566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447458)"; flow:established,from_client; content:"GET"; http_method; content:"/sena1.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447458/; classtype:trojan-activity;sid:84310558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447456)"; flow:established,from_client; content:"GET"; http_method; content:"/manga1.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447456/; classtype:trojan-activity;sid:84310556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447457)"; flow:established,from_client; content:"GET"; http_method; content:"/colheita1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447457/; classtype:trojan-activity;sid:84310557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447444)"; flow:established,from_client; content:"GET"; http_method; content:"/imnddhs/rainbow.jpg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"parmisbuilding.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447444/; classtype:trojan-activity;sid:84310544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446661)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446661/; classtype:trojan-activity;sid:84309761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446653)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446653/; classtype:trojan-activity;sid:84309753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446649)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446649/; classtype:trojan-activity;sid:84309749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446449)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446449/; classtype:trojan-activity;sid:84309549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.44.75.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446416/; classtype:trojan-activity;sid:84309516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445854)"; flow:established,from_client; content:"GET"; http_method; content:"/coracion1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vaamsmgfreocmroe-1342087530.cos.sa-saopaulo.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445854/; classtype:trojan-activity;sid:84308954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445431)"; flow:established,from_client; content:"GET"; http_method; content:"/data/df4a3196-accc-423a-a43b-6768f1aafd3e.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445431/; classtype:trojan-activity;sid:84308531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445438)"; flow:established,from_client; content:"GET"; http_method; content:"/data/f6416fd0-71f3-45de-8c79-3d0e7281f124.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445438/; classtype:trojan-activity;sid:84308538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445423)"; flow:established,from_client; content:"GET"; http_method; content:"/documento.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"detail-booking.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445423/; classtype:trojan-activity;sid:84308523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.204.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445302/; classtype:trojan-activity;sid:84308402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444519)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444519/; classtype:trojan-activity;sid:84307619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444509)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444509/; classtype:trojan-activity;sid:84307609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444510)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444510/; classtype:trojan-activity;sid:84307610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444511)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444511/; classtype:trojan-activity;sid:84307611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444512)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444512/; classtype:trojan-activity;sid:84307612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444513)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444513/; classtype:trojan-activity;sid:84307613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444514)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444514/; classtype:trojan-activity;sid:84307614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444515)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444515/; classtype:trojan-activity;sid:84307615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444516)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444516/; classtype:trojan-activity;sid:84307616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444517)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444517/; classtype:trojan-activity;sid:84307617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444518)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444518/; classtype:trojan-activity;sid:84307618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444508)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444508/; classtype:trojan-activity;sid:84307608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444506)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"205.185.115.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444506/; classtype:trojan-activity;sid:84307606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444507)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/refs/heads/main/d.msi"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444507/; classtype:trojan-activity;sid:84307607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444326)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.115.236.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444326/; classtype:trojan-activity;sid:84307426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444279)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.206.188.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444279/; classtype:trojan-activity;sid:84307379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444267)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/d.msi"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444267/; classtype:trojan-activity;sid:84307367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443831)"; flow:established,from_client; content:"GET"; http_method; content:"/okfgjrg5d8gt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3443831/; classtype:trojan-activity;sid:84306931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443410)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/down.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443410/; classtype:trojan-activity;sid:84306510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkuu/tasloginbase.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"hkuu.oss-cn-hongkong.aliyuncs.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443408/; classtype:trojan-activity;sid:84306508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443355/; classtype:trojan-activity;sid:84306455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443354/; classtype:trojan-activity;sid:84306454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99-118-215-24.lightspeed.irvnca.sbcglobal.net"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443353/; classtype:trojan-activity;sid:84306453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443350)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"host-95-230-215-65.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443350/; classtype:trojan-activity;sid:84306450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.152.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443221/; classtype:trojan-activity;sid:84306321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443193)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.250.238.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443193/; classtype:trojan-activity;sid:84306293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442712)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabalmain.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442712/; classtype:trojan-activity;sid:84305812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442703)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/update.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442703/; classtype:trojan-activity;sid:84305803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442701)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabal.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442701/; classtype:trojan-activity;sid:84305801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442616)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabalmain.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442616/; classtype:trojan-activity;sid:84305716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442232)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442232/; classtype:trojan-activity;sid:84305332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442233)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442233/; classtype:trojan-activity;sid:84305333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442198)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442198/; classtype:trojan-activity;sid:84305298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442196)"; flow:established,from_client; content:"GET"; http_method; content:"/ffff"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442196/; classtype:trojan-activity;sid:84305296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442197)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442197/; classtype:trojan-activity;sid:84305297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442195)"; flow:established,from_client; content:"GET"; http_method; content:"/libmod_hellocpp_42.so"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442195/; classtype:trojan-activity;sid:84305295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442091)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/c8ab945ac1a0ab1d3c22616f6babff1a/sorahan1984.pdf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442091/; classtype:trojan-activity;sid:84305191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.122.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441890/; classtype:trojan-activity;sid:84304990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.200.25.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441868/; classtype:trojan-activity;sid:84304968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441869/; classtype:trojan-activity;sid:84304969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441864/; classtype:trojan-activity;sid:84304964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441724)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441724/; classtype:trojan-activity;sid:84304824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.184.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440604/; classtype:trojan-activity;sid:84303704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.140.113.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439965/; classtype:trojan-activity;sid:84303065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3439088)"; flow:established,from_client; content:"GET"; http_method; content:"/6107/8404c3d00d8aee946bdf1c140c904799/sorandaru2016.pdf"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_02_14; reference:url, urlhaus.abuse.ch/url/3439088/; classtype:trojan-activity;sid:84302188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438640)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.64.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438640/; classtype:trojan-activity;sid:84301740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438591)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438591/; classtype:trojan-activity;sid:84301691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438594/; classtype:trojan-activity;sid:84301694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.9.25.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438572/; classtype:trojan-activity;sid:84301672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.44.174.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437561/; classtype:trojan-activity;sid:84300661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437118)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/pure_adonis"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437118/; classtype:trojan-activity;sid:84300218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437119)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/pure_jnd"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437119/; classtype:trojan-activity;sid:84300219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437116)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/all_adonis"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437116/; classtype:trojan-activity;sid:84300216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437117)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437117/; classtype:trojan-activity;sid:84300217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437115)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437115/; classtype:trojan-activity;sid:84300215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437114)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/jnd_all"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437114/; classtype:trojan-activity;sid:84300214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435167)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/refs/heads/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435167/; classtype:trojan-activity;sid:84298267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435143)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"101.32.40.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435143/; classtype:trojan-activity;sid:84298243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435084/; classtype:trojan-activity;sid:84298184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.122.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433363/; classtype:trojan-activity;sid:84296463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.8.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433357/; classtype:trojan-activity;sid:84296457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.168.9.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433346/; classtype:trojan-activity;sid:84296446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.204.104.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432311/; classtype:trojan-activity;sid:84295411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432127/; classtype:trojan-activity;sid:84295227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431851)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431851/; classtype:trojan-activity;sid:84294951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431850)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431850/; classtype:trojan-activity;sid:84294950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431452)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.201.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431452/; classtype:trojan-activity;sid:84294552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431386)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.236.175.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431386/; classtype:trojan-activity;sid:84294486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.94.61"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431377/; classtype:trojan-activity;sid:84294477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431378/; classtype:trojan-activity;sid:84294478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3430225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.54.47.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3430225/; classtype:trojan-activity;sid:84293325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; content:"GET"; http_method; content:"/1/test.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ofice365.github.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429793)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d2314eac.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429793/; classtype:trojan-activity;sid:84292893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429404)"; flow:established,from_client; content:"GET"; http_method; content:"/earm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429404/; classtype:trojan-activity;sid:84292504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429405)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/emips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429405/; classtype:trojan-activity;sid:84292505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429406)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429406/; classtype:trojan-activity;sid:84292506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429402)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429402/; classtype:trojan-activity;sid:84292502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429403)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429403/; classtype:trojan-activity;sid:84292503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429401)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/emips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429401/; classtype:trojan-activity;sid:84292501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429398)"; flow:established,from_client; content:"GET"; http_method; content:"/earm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429398/; classtype:trojan-activity;sid:84292498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429399)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429399/; classtype:trojan-activity;sid:84292499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429400)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/ex86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429400/; classtype:trojan-activity;sid:84292500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429390)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/empsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429390/; classtype:trojan-activity;sid:84292490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429391)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/empsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429391/; classtype:trojan-activity;sid:84292491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429392)"; flow:established,from_client; content:"GET"; http_method; content:"/ex86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429392/; classtype:trojan-activity;sid:84292492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429393)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429393/; classtype:trojan-activity;sid:84292493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429395)"; flow:established,from_client; content:"GET"; http_method; content:"/earm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429395/; classtype:trojan-activity;sid:84292495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429396)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429396/; classtype:trojan-activity;sid:84292496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429397)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/earm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429397/; classtype:trojan-activity;sid:84292497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429386)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/earm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429386/; classtype:trojan-activity;sid:84292486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429387)"; flow:established,from_client; content:"GET"; http_method; content:"/emips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429387/; classtype:trojan-activity;sid:84292487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429388)"; flow:established,from_client; content:"GET"; http_method; content:"/earm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429388/; classtype:trojan-activity;sid:84292488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429389)"; flow:established,from_client; content:"GET"; http_method; content:"/dvrlocker"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429389/; classtype:trojan-activity;sid:84292489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429384)"; flow:established,from_client; content:"GET"; http_method; content:"/empsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429384/; classtype:trojan-activity;sid:84292484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429385)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor/ex86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"81.70.85.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429385/; classtype:trojan-activity;sid:84292485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.234.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429312/; classtype:trojan-activity;sid:84292412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.2.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428055/; classtype:trojan-activity;sid:84291155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.100.115.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425847/; classtype:trojan-activity;sid:84288947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3425829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.168.123.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_03; reference:url, urlhaus.abuse.ch/url/3425829/; classtype:trojan-activity;sid:84288929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.175.139.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424483/; classtype:trojan-activity;sid:84287583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.41.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423102/; classtype:trojan-activity;sid:84286202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/xsh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421027)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmaplus/4.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421027/; classtype:trojan-activity;sid:84284127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421026)"; flow:established,from_client; content:"GET"; http_method; content:"/tylermt99/zzzaaa/refs/heads/main/built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421026/; classtype:trojan-activity;sid:84284126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421014)"; flow:established,from_client; content:"GET"; http_method; content:"/assignment.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421014/; classtype:trojan-activity;sid:84284114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/emmetprod.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.147.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.133.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420539/; classtype:trojan-activity;sid:84283639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419575)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419575/; classtype:trojan-activity;sid:84282675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419559)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419559/; classtype:trojan-activity;sid:84282659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419566)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419566/; classtype:trojan-activity;sid:84282666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419570)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419570/; classtype:trojan-activity;sid:84282670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419487)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419487/; classtype:trojan-activity;sid:84282587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419474)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419474/; classtype:trojan-activity;sid:84282574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419464)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419464/; classtype:trojan-activity;sid:84282564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; content:"GET"; http_method; content:"/cab/launcherloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.newkey.co.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417860/; classtype:trojan-activity;sid:84280960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417840/; classtype:trojan-activity;sid:84280940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417826)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.250.173.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417826/; classtype:trojan-activity;sid:84280926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417085)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417085/; classtype:trojan-activity;sid:84280185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416672/; classtype:trojan-activity;sid:84279772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416673/; classtype:trojan-activity;sid:84279773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416674/; classtype:trojan-activity;sid:84279774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.222.178.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415318/; classtype:trojan-activity;sid:84278418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415308/; classtype:trojan-activity;sid:84278408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415209)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415209/; classtype:trojan-activity;sid:84278309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat4.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415206)"; flow:established,from_client; content:"GET"; http_method; content:"/gmex.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415206/; classtype:trojan-activity;sid:84278306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414036/; classtype:trojan-activity;sid:84277136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.206.216.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412918/; classtype:trojan-activity;sid:84276018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.102.166.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411900/; classtype:trojan-activity;sid:84275000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3411863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.39.139.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3411863/; classtype:trojan-activity;sid:84274963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410868)"; flow:established,from_client; content:"GET"; http_method; content:"/helps/helphelp1207/helps.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"tests.yjzj.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410868/; classtype:trojan-activity;sid:84273968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410718)"; flow:established,from_client; content:"GET"; http_method; content:"/cos"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ah-scanning.oss-cn-hongkong.aliyuncs.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410718/; classtype:trojan-activity;sid:84273818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410375/; classtype:trojan-activity;sid:84273475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.196.45.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407395/; classtype:trojan-activity;sid:84270495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3407386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.44.77.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3407386/; classtype:trojan-activity;sid:84270486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406818)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%a7%ac%ec%9b%a8%ec%96%b4.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406818/; classtype:trojan-activity;sid:84269918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406822)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%b9%8c%ec%96%b4%20%eb%a8%b9%ec%9d%84.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406822/; classtype:trojan-activity;sid:84269922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406468)"; flow:established,from_client; content:"GET"; http_method; content:"/journal-article/30343922aca0fb8e53340406c2d9339d/sora2012.pdf"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406468/; classtype:trojan-activity;sid:84269568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.141.166.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_19; reference:url, urlhaus.abuse.ch/url/3405423/; classtype:trojan-activity;sid:84268523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405341)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"14.29.160.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405341/; classtype:trojan-activity;sid:84268441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405330/; classtype:trojan-activity;sid:84268430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405320/; classtype:trojan-activity;sid:84268420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405323/; classtype:trojan-activity;sid:84268423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405324)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405324/; classtype:trojan-activity;sid:84268424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405329)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.54.96.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405329/; classtype:trojan-activity;sid:84268429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405319/; classtype:trojan-activity;sid:84268419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405140)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.129.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405140/; classtype:trojan-activity;sid:84268240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.20.19.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/refs/heads/main/payload.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402741)"; flow:established,from_client; content:"GET"; http_method; content:"/adobepdf-reader/pdf-reader/raw/refs/heads/main/pdf%20reader.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402741/; classtype:trojan-activity;sid:84265841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.86.182.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402157/; classtype:trojan-activity;sid:84265257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402154/; classtype:trojan-activity;sid:84265254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.152.45.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402136/; classtype:trojan-activity;sid:84265236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.252.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402128/; classtype:trojan-activity;sid:84265228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401644)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/wpr-addons/forms/code1.png"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.180.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401644/; classtype:trojan-activity;sid:84264744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399888)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.109.11.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_14; reference:url, urlhaus.abuse.ch/url/3399888/; classtype:trojan-activity;sid:84262988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3399396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.178.100.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3399396/; classtype:trojan-activity;sid:84262496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/1.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.121.239.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398195/; classtype:trojan-activity;sid:84261295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.168.227.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397531/; classtype:trojan-activity;sid:84260631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.18.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397528/; classtype:trojan-activity;sid:84260628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396427/; classtype:trojan-activity;sid:84259527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.71.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396430/; classtype:trojan-activity;sid:84259530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396413/; classtype:trojan-activity;sid:84259513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3396418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.87.151.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_10; reference:url, urlhaus.abuse.ch/url/3396418/; classtype:trojan-activity;sid:84259518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; content:"GET"; http_method; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; content:"GET"; http_method; content:"/trismagi/daemon/raw/main/watchdog"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/refs/heads/main/ud.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393601)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.31.111.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393601/; classtype:trojan-activity;sid:84256701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; classtype:trojan-activity;sid:84256696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.197.121.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393148/; classtype:trojan-activity;sid:84256248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; classtype:trojan-activity;sid:84256147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393048)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393048/; classtype:trojan-activity;sid:84256148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.240.163.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393007/; classtype:trojan-activity;sid:84256107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3392686)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher/upload/test.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"test.aionclassic.pro"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3392686/; classtype:trojan-activity;sid:84255786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.251.196.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391671/; classtype:trojan-activity;sid:84254771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391678)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391678/; classtype:trojan-activity;sid:84254778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.24.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391609/; classtype:trojan-activity;sid:84254709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/raw/main/ctc64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/main/ctc64.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389259)"; flow:established,from_client; content:"GET"; http_method; content:"/test/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389259/; classtype:trojan-activity;sid:84252359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389237)"; flow:established,from_client; content:"GET"; http_method; content:"/test/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389237/; classtype:trojan-activity;sid:84252337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389239)"; flow:established,from_client; content:"GET"; http_method; content:"/test/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389239/; classtype:trojan-activity;sid:84252339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389229)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/fwutlkid.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389229/; classtype:trojan-activity;sid:84252329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389228)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/gch3x3lk.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389228/; classtype:trojan-activity;sid:84252328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389227)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/9nkwk7nh.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389227/; classtype:trojan-activity;sid:84252327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389226)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/wl3gtvgq.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389226/; classtype:trojan-activity;sid:84252326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389225)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/ujp4jdmy.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389225/; classtype:trojan-activity;sid:84252325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389224)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8rh4s7pl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389224/; classtype:trojan-activity;sid:84252324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389223)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/dwppj74t.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389223/; classtype:trojan-activity;sid:84252323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389222)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/jdym53nl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389222/; classtype:trojan-activity;sid:84252322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389221)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/e9ffa5da.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389221/; classtype:trojan-activity;sid:84252321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389220)"; flow:established,from_client; content:"GET"; http_method; content:"/zotero/8zg9faz4.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389220/; classtype:trojan-activity;sid:84252320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389218)"; flow:established,from_client; content:"GET"; http_method; content:"/free"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389218/; classtype:trojan-activity;sid:84252318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389142)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.181.70.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389142/; classtype:trojan-activity;sid:84252242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389120)"; flow:established,from_client; content:"GET"; http_method; content:"/auda"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"safefiles2.oss-cn-beijing.aliyuncs.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389120/; classtype:trojan-activity;sid:84252220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388907/; classtype:trojan-activity;sid:84252007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388878/; classtype:trojan-activity;sid:84251978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.174"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388874/; classtype:trojan-activity;sid:84251974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388858)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387708)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387708/; classtype:trojan-activity;sid:84250808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387702)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387702/; classtype:trojan-activity;sid:84250802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386798)"; flow:established,from_client; content:"GET"; http_method; content:"/proceedings-article/55a07147594fae1312e55be4d77971e1/skidmore2008.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"dacemirror.sci-hub.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3386798/; classtype:trojan-activity;sid:84249898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386507)"; flow:established,from_client; content:"GET"; http_method; content:"/file-32bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386507/; classtype:trojan-activity;sid:84249607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; content:"GET"; http_method; content:"/file.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; content:"GET"; http_method; content:"/file-arm.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; content:"GET"; http_method; content:"/file-64bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386210)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost-opbr/test/refs/heads/main/adobepdfreader.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386210/; classtype:trojan-activity;sid:84249310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.232.133.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385583/; classtype:trojan-activity;sid:84248683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385579/; classtype:trojan-activity;sid:84248679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385331)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"m-global.hksty.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385331/; classtype:trojan-activity;sid:84248431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/ultravnc.ini"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385032)"; flow:established,from_client; content:"GET"; http_method; content:"/5fr5gthkjdg71"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385032/; classtype:trojan-activity;sid:84248132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384038)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/refs/heads/main/diskutil.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384038/; classtype:trojan-activity;sid:84247138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3384025)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvgsng/funpark/raw/refs/heads/main/diskutil.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_31; reference:url, urlhaus.abuse.ch/url/3384025/; classtype:trojan-activity;sid:84247125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3382115)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.90.142.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3382115/; classtype:trojan-activity;sid:84245215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380949/; classtype:trojan-activity;sid:84244049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380930/; classtype:trojan-activity;sid:84244030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3380924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_29; reference:url, urlhaus.abuse.ch/url/3380924/; classtype:trojan-activity;sid:84244024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378991/; classtype:trojan-activity;sid:84242091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.4.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378977/; classtype:trojan-activity;sid:84242077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.114.218.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378965/; classtype:trojan-activity;sid:84242065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.108.227.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378966/; classtype:trojan-activity;sid:84242066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.148.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378970/; classtype:trojan-activity;sid:84242070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.142.63.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378974/; classtype:trojan-activity;sid:84242074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.136.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378958/; classtype:trojan-activity;sid:84242058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378016)"; flow:established,from_client; content:"GET"; http_method; content:"/fdiuioijofgrg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.148.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3378016/; classtype:trojan-activity;sid:84241116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377988)"; flow:established,from_client; content:"GET"; http_method; content:"/nvcommander2/allgens/refs/heads/main/msgde.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377988/; classtype:trojan-activity;sid:84241088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377969)"; flow:established,from_client; content:"GET"; http_method; content:"/win/checking.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qlqd5zqefmkcr34a.onion.sh"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377969/; classtype:trojan-activity;sid:84241069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3377935)"; flow:established,from_client; content:"GET"; http_method; content:"/ryycheats/ezfn-cheats-v2/refs/heads/main/ezfn%20op%20cheats.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_27; reference:url, urlhaus.abuse.ch/url/3377935/; classtype:trojan-activity;sid:84241035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373499)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373499/; classtype:trojan-activity;sid:84236599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373486/; classtype:trojan-activity;sid:84236586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373492/; classtype:trojan-activity;sid:84236592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373094/; classtype:trojan-activity;sid:84236194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373087/; classtype:trojan-activity;sid:84236187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373071/; classtype:trojan-activity;sid:84236171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373074/; classtype:trojan-activity;sid:84236174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373063/; classtype:trojan-activity;sid:84236163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373067/; classtype:trojan-activity;sid:84236167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373048/; classtype:trojan-activity;sid:84236148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373032/; classtype:trojan-activity;sid:84236132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373036/; classtype:trojan-activity;sid:84236136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373037/; classtype:trojan-activity;sid:84236137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373017/; classtype:trojan-activity;sid:84236117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.245.244.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373024/; classtype:trojan-activity;sid:84236124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373026/; classtype:trojan-activity;sid:84236126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372974/; classtype:trojan-activity;sid:84236074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.211.187.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372975/; classtype:trojan-activity;sid:84236075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.64.182.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372976/; classtype:trojan-activity;sid:84236076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372979/; classtype:trojan-activity;sid:84236079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372986/; classtype:trojan-activity;sid:84236086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.27.224.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372992/; classtype:trojan-activity;sid:84236092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372994/; classtype:trojan-activity;sid:84236094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.103.184.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372997/; classtype:trojan-activity;sid:84236097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.57.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372999/; classtype:trojan-activity;sid:84236099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372966/; classtype:trojan-activity;sid:84236066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372954/; classtype:trojan-activity;sid:84236054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372941/; classtype:trojan-activity;sid:84236041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372944/; classtype:trojan-activity;sid:84236044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372946/; classtype:trojan-activity;sid:84236046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372931/; classtype:trojan-activity;sid:84236031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.74.21.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372900/; classtype:trojan-activity;sid:84236000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372901)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.180.255.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372901/; classtype:trojan-activity;sid:84236001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372893/; classtype:trojan-activity;sid:84235993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372884/; classtype:trojan-activity;sid:84235984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372885)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372885/; classtype:trojan-activity;sid:84235985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372877)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.247.47.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372877/; classtype:trojan-activity;sid:84235977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372878/; classtype:trojan-activity;sid:84235978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372879)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372879/; classtype:trojan-activity;sid:84235979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372880)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372880/; classtype:trojan-activity;sid:84235980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372704/; classtype:trojan-activity;sid:84235804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372705)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372705/; classtype:trojan-activity;sid:84235805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372691)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.101.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372691/; classtype:trojan-activity;sid:84235791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372684/; classtype:trojan-activity;sid:84235784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372654/; classtype:trojan-activity;sid:84235754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372651/; classtype:trojan-activity;sid:84235751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372645/; classtype:trojan-activity;sid:84235745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372636)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372636/; classtype:trojan-activity;sid:84235736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372639)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372639/; classtype:trojan-activity;sid:84235739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.28.177.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372642/; classtype:trojan-activity;sid:84235742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.109.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372621/; classtype:trojan-activity;sid:84235721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372615/; classtype:trojan-activity;sid:84235715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.73.75.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366262/; classtype:trojan-activity;sid:84229362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.220.214.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366250/; classtype:trojan-activity;sid:84229350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.160.146.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366245/; classtype:trojan-activity;sid:84229345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366230/; classtype:trojan-activity;sid:84229330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.21.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356934/; classtype:trojan-activity;sid:84220034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356909)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.astenterprises.com.pk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356909/; classtype:trojan-activity;sid:84220009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356803)"; flow:established,from_client; content:"GET"; http_method; content:"/yn5og-40i6-9gu-9hjf.html"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bj5y6-0f-9h4-9fgg4-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356803/; classtype:trojan-activity;sid:84219903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356783)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356783/; classtype:trojan-activity;sid:84219883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356779)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356779/; classtype:trojan-activity;sid:84219879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356778)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/231dd3bd495a42b6a479fb7f210ba69b.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356778/; classtype:trojan-activity;sid:84219878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356776)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/090cc5c1a5dc444dbeb0099f36f74657.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356776/; classtype:trojan-activity;sid:84219876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356775)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356775/; classtype:trojan-activity;sid:84219875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356773)"; flow:established,from_client; content:"GET"; http_method; content:"/in/1229.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356773/; classtype:trojan-activity;sid:84219873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356774)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/5142a417d128494b9a9d67961121e943.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356774/; classtype:trojan-activity;sid:84219874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356762)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356762/; classtype:trojan-activity;sid:84219862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356765)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356765/; classtype:trojan-activity;sid:84219865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356767)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356767/; classtype:trojan-activity;sid:84219867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356771)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/b0b34b3375b144c680a0456ffdd639a0.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356771/; classtype:trojan-activity;sid:84219871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; content:"GET"; http_method; content:"/smiple_4yue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356754)"; flow:established,from_client; content:"GET"; http_method; content:"/documentations09.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"constrainthome080doc-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:59; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356754/; classtype:trojan-activity;sid:84219854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356755)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356755/; classtype:trojan-activity;sid:84219855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356758)"; flow:established,from_client; content:"GET"; http_method; content:"/36hg-04ik6-9j4-9h5.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f3i5-0g49bgn-3h95-1324992141.cos.ap-jakarta.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356758/; classtype:trojan-activity;sid:84219858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356748)"; flow:established,from_client; content:"GET"; http_method; content:"/test_kbnt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356748/; classtype:trojan-activity;sid:84219848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356750)"; flow:established,from_client; content:"GET"; http_method; content:"/35-0350gh9v-39yh5g.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j-0-09g-9bh-h-ggf-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356750/; classtype:trojan-activity;sid:84219850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356751)"; flow:established,from_client; content:"GET"; http_method; content:"/simple"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"weco.oss-eu-central-1.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356751/; classtype:trojan-activity;sid:84219851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356752)"; flow:established,from_client; content:"GET"; http_method; content:"/onerive.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"onlinemicrosoft-1318069902.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356752/; classtype:trojan-activity;sid:84219852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356581)"; flow:established,from_client; content:"GET"; http_method; content:"/270/audi.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bruplong.oss-accelerate.aliyuncs.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356581/; classtype:trojan-activity;sid:84219681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356165)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/refs/heads/main/amogus.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356165/; classtype:trojan-activity;sid:84219265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356156)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/refs/heads/main/svhost.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356156/; classtype:trojan-activity;sid:84219256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356146)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/refs/heads/main/sentil.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356146/; classtype:trojan-activity;sid:84219246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356129)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/refs/heads/main/server1.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356129/; classtype:trojan-activity;sid:84219229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356121)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356121/; classtype:trojan-activity;sid:84219221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353380)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/refs/heads/main/client-built.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353380/; classtype:trojan-activity;sid:84216480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353345)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/raw/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353345/; classtype:trojan-activity;sid:84216445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353318)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/file3.mentah"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353318/; classtype:trojan-activity;sid:84216418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353317)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/file3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353317/; classtype:trojan-activity;sid:84216417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353316)"; flow:established,from_client; content:"GET"; http_method; content:"/senju/senju_simple_vp.rar"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353316/; classtype:trojan-activity;sid:84216416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353315)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353315/; classtype:trojan-activity;sid:84216415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353310)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/simple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353310/; classtype:trojan-activity;sid:84216410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353309)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353309/; classtype:trojan-activity;sid:84216409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353307)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353307/; classtype:trojan-activity;sid:84216407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353301)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injeksimple3.mentah"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353301/; classtype:trojan-activity;sid:84216401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353296)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/file3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353296/; classtype:trojan-activity;sid:84216396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353297)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_hard_vp.rar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353297/; classtype:trojan-activity;sid:84216397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353298)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/simple3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353298/; classtype:trojan-activity;sid:84216398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353299)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/file3.mentah"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353299/; classtype:trojan-activity;sid:84216399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353294)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injekkey.mentah"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353294/; classtype:trojan-activity;sid:84216394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353295)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353295/; classtype:trojan-activity;sid:84216395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353285)"; flow:established,from_client; content:"GET"; http_method; content:"/tacvip/injek3.mentah"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353285/; classtype:trojan-activity;sid:84216385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353286)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353286/; classtype:trojan-activity;sid:84216386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353287)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353287/; classtype:trojan-activity;sid:84216387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353288)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353288/; classtype:trojan-activity;sid:84216388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353289)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injek3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353289/; classtype:trojan-activity;sid:84216389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353290)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353290/; classtype:trojan-activity;sid:84216390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353291)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/vvipejy_simple_vp.rar"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353291/; classtype:trojan-activity;sid:84216391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353292)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/simple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353292/; classtype:trojan-activity;sid:84216392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353293)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/simple3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353293/; classtype:trojan-activity;sid:84216393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353284)"; flow:established,from_client; content:"GET"; http_method; content:"/egn/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353284/; classtype:trojan-activity;sid:84216384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353280)"; flow:established,from_client; content:"GET"; http_method; content:"/xcd/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353280/; classtype:trojan-activity;sid:84216380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353281)"; flow:established,from_client; content:"GET"; http_method; content:"/sumatra/injek3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353281/; classtype:trojan-activity;sid:84216381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353282)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injeksimple3.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353282/; classtype:trojan-activity;sid:84216382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353283)"; flow:established,from_client; content:"GET"; http_method; content:"/fvc/injeksimple3.mentah"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353283/; classtype:trojan-activity;sid:84216383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353278)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/injek3.mentah"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353278/; classtype:trojan-activity;sid:84216378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353275)"; flow:established,from_client; content:"GET"; http_method; content:"/vvipejy/injeksimple3.mentah"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353275/; classtype:trojan-activity;sid:84216375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353271)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/injeksimple3.mentah"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353271/; classtype:trojan-activity;sid:84216371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353266)"; flow:established,from_client; content:"GET"; http_method; content:"/chromedriver.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353266/; classtype:trojan-activity;sid:84216366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353265)"; flow:established,from_client; content:"GET"; http_method; content:"/libccc.zip.tar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353265/; classtype:trojan-activity;sid:84216365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353264)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353264/; classtype:trojan-activity;sid:84216364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353263)"; flow:established,from_client; content:"GET"; http_method; content:"/xc.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353263/; classtype:trojan-activity;sid:84216363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353262)"; flow:established,from_client; content:"GET"; http_method; content:"/vmpwn.7z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353262/; classtype:trojan-activity;sid:84216362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353261)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353261/; classtype:trojan-activity;sid:84216361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353260)"; flow:established,from_client; content:"GET"; http_method; content:"/tinynote.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353260/; classtype:trojan-activity;sid:84216360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353257)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353257/; classtype:trojan-activity;sid:84216357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353253)"; flow:established,from_client; content:"GET"; http_method; content:"/musl-dbgsym_1.2.2-1_amd64.ddeb"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353253/; classtype:trojan-activity;sid:84216353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353254)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353254/; classtype:trojan-activity;sid:84216354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353255)"; flow:established,from_client; content:"GET"; http_method; content:"/pig.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353255/; classtype:trojan-activity;sid:84216355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353256)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353256/; classtype:trojan-activity;sid:84216356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353250/; classtype:trojan-activity;sid:84216350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353242/; classtype:trojan-activity;sid:84216342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353243/; classtype:trojan-activity;sid:84216343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_2.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353244/; classtype:trojan-activity;sid:84216344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/billi_e58d74e455634dc695ed8a7b8b320325.exe.upx.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353238/; classtype:trojan-activity;sid:84216338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353234/; classtype:trojan-activity;sid:84216334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353235/; classtype:trojan-activity;sid:84216335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353227)"; flow:established,from_client; content:"GET"; http_method; content:"/ez_kiwi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353227/; classtype:trojan-activity;sid:84216327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353204/; classtype:trojan-activity;sid:84216304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353206)"; flow:established,from_client; content:"GET"; http_method; content:"/e991/injek3.mentah"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353206/; classtype:trojan-activity;sid:84216306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353199)"; flow:established,from_client; content:"GET"; http_method; content:"/unicorn-2.0.0rc7.dist-info/record"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353199/; classtype:trojan-activity;sid:84216299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353189/; classtype:trojan-activity;sid:84216289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353190/; classtype:trojan-activity;sid:84216290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353192/; classtype:trojan-activity;sid:84216292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353178)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353178/; classtype:trojan-activity;sid:84216278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022%e7%bd%91%e9%bc%8e%e6%9d%af%e5%8d%8a%e5%86%b3%e8%b5%9b.7z"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"e4l4.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353175/; classtype:trojan-activity;sid:84216275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352586)"; flow:established,from_client; content:"GET"; http_method; content:"/comitheicon/volatus0.5/refs/heads/main/volatus0.5.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352586/; classtype:trojan-activity;sid:84215686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352459)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.244.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352459/; classtype:trojan-activity;sid:84215559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352356)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/exclude.ps1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352356/; classtype:trojan-activity;sid:84215456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352353)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/svhost.vbs"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352353/; classtype:trojan-activity;sid:84215453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352354)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/m.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352354/; classtype:trojan-activity;sid:84215454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352352)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/raw/main/e.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352352/; classtype:trojan-activity;sid:84215452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352351)"; flow:established,from_client; content:"GET"; http_method; content:"/k53xupn43/i965652f/refs/heads/main/m.ps1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352351/; classtype:trojan-activity;sid:84215451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351820)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/raw/refs/heads/main/client-built.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351820/; classtype:trojan-activity;sid:84214920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351813)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/raw/refs/heads/main/amogus.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351813/; classtype:trojan-activity;sid:84214913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351507)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-log"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"proship.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351507/; classtype:trojan-activity;sid:84214607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351462)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/raw/refs/heads/main/server1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351462/; classtype:trojan-activity;sid:84214562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351458)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/raw/refs/heads/main/svhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351458/; classtype:trojan-activity;sid:84214558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351428)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351428/; classtype:trojan-activity;sid:84214528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351402)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/raw/refs/heads/main/sentil.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351402/; classtype:trojan-activity;sid:84214502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351383)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/raw/refs/heads/main/njrat.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351383/; classtype:trojan-activity;sid:84214483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351381)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/raw/refs/heads/main/bloxflip%20predictor.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351381/; classtype:trojan-activity;sid:84214481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351350)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/raw/refs/heads/main/njrat%20dangerous.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351350/; classtype:trojan-activity;sid:84214450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3349063)"; flow:established,from_client; content:"GET"; http_method; content:"/dzakc3wag/raw/upload/v1734112417/uploaded_textfile"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_14; reference:url, urlhaus.abuse.ch/url/3349063/; classtype:trojan-activity;sid:84212163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348217)"; flow:established,from_client; content:"GET"; http_method; content:"/attatier/cloud/main/testexe.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348217/; classtype:trojan-activity;sid:84211317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346031)"; flow:established,from_client; content:"GET"; http_method; content:"/templates1/js/mixitup.js"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"autoiwc.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346031/; classtype:trojan-activity;sid:84209131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346020)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/refs/heads/main/testingfile.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346020/; classtype:trojan-activity;sid:84209120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346000)"; flow:established,from_client; content:"GET"; http_method; content:"/leemurray751/testing/raw/refs/heads/main/testingfile.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346000/; classtype:trojan-activity;sid:84209100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345062)"; flow:established,from_client; content:"GET"; http_method; content:"/ys558pd/start.hta"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"device.redirec.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345062/; classtype:trojan-activity;sid:84208162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344216)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344216/; classtype:trojan-activity;sid:84207316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344177)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344177/; classtype:trojan-activity;sid:84207277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344172)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344172/; classtype:trojan-activity;sid:84207272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344116)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344116/; classtype:trojan-activity;sid:84207216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344054)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344054/; classtype:trojan-activity;sid:84207154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344015)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344015/; classtype:trojan-activity;sid:84207115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343939)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343939/; classtype:trojan-activity;sid:84207039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343827)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343827/; classtype:trojan-activity;sid:84206927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343814)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343814/; classtype:trojan-activity;sid:84206914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343669)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343669/; classtype:trojan-activity;sid:84206769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340580/; classtype:trojan-activity;sid:84203680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340578/; classtype:trojan-activity;sid:84203678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340577/; classtype:trojan-activity;sid:84203677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340567/; classtype:trojan-activity;sid:84203667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340568/; classtype:trojan-activity;sid:84203668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340569/; classtype:trojan-activity;sid:84203669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340570/; classtype:trojan-activity;sid:84203670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340573/; classtype:trojan-activity;sid:84203673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340574/; classtype:trojan-activity;sid:84203674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340575/; classtype:trojan-activity;sid:84203675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340576/; classtype:trojan-activity;sid:84203676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.138.107.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339245/; classtype:trojan-activity;sid:84202345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.12.157.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339230/; classtype:trojan-activity;sid:84202330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339216)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.193.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339216/; classtype:trojan-activity;sid:84202316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.20.27.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339219/; classtype:trojan-activity;sid:84202319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339222/; classtype:trojan-activity;sid:84202322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339206)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"159.148.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339206/; classtype:trojan-activity;sid:84202306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339193)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.101.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339193/; classtype:trojan-activity;sid:84202293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.236.133.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339181/; classtype:trojan-activity;sid:84202281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339168/; classtype:trojan-activity;sid:84202268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339171)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.57.125.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339171/; classtype:trojan-activity;sid:84202271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339161/; classtype:trojan-activity;sid:84202261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339162/; classtype:trojan-activity;sid:84202262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.191.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339152/; classtype:trojan-activity;sid:84202252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.178.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339127/; classtype:trojan-activity;sid:84202227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339116/; classtype:trojan-activity;sid:84202216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339114/; classtype:trojan-activity;sid:84202214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.121.195.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339111/; classtype:trojan-activity;sid:84202211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.6.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339106/; classtype:trojan-activity;sid:84202206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.103.184.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339096/; classtype:trojan-activity;sid:84202196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339100/; classtype:trojan-activity;sid:84202200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339103)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.160.146.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339103/; classtype:trojan-activity;sid:84202203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.209.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339082/; classtype:trojan-activity;sid:84202182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339065)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.158.158.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339065/; classtype:trojan-activity;sid:84202165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338712)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/game.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338712/; classtype:trojan-activity;sid:84201812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338655)"; flow:established,from_client; content:"GET"; http_method; content:"/hostfile/taptin/autoupdate.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"update.volam2005pk.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338655/; classtype:trojan-activity;sid:84201755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338557)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338557/; classtype:trojan-activity;sid:84201657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338554)"; flow:established,from_client; content:"GET"; http_method; content:"/jhpatchouli/payload/raw/master/artifact.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gitee.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338554/; classtype:trojan-activity;sid:84201654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338473)"; flow:established,from_client; content:"GET"; http_method; content:"/fromfranceanb/d46c38bce2b0d9c6hcffa6baea82ece29fa6d238/main/injection.js"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338473/; classtype:trojan-activity;sid:84201573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338434)"; flow:established,from_client; content:"GET"; http_method; content:"/sanzaz/phantomious/main/injection-clean.js"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338434/; classtype:trojan-activity;sid:84201534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmoundll/kak/main/glew64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337032)"; flow:established,from_client; content:"GET"; http_method; content:"/haa15/driver-shitty/main/kdmapper_release.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337032/; classtype:trojan-activity;sid:84200132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; flow:established,from_client; content:"GET"; http_method; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337012)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337012/; classtype:trojan-activity;sid:84200112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; content:"GET"; http_method; content:"/cgpro/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336987)"; flow:established,from_client; content:"GET"; http_method; content:"/net/boot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"quanlyphongnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336987/; classtype:trojan-activity;sid:84200087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336095)"; flow:established,from_client; content:"GET"; http_method; content:"/stubgenerator/stub/main/stub.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336095/; classtype:trojan-activity;sid:84199195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336094)"; flow:established,from_client; content:"GET"; http_method; content:"/xacker-volk/justmyrat/main/stub.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336094/; classtype:trojan-activity;sid:84199194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336051)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336051/; classtype:trojan-activity;sid:84199151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/rage.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335209)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335209/; classtype:trojan-activity;sid:84198309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335199)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/brive/recepisse/202403/10/doc2lgpu2jwfets.tif"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335199/; classtype:trojan-activity;sid:84198299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335200)"; flow:established,from_client; content:"GET"; http_method; content:"/phm/distrimobile/recepisse/202407/30/fuss983_20240725_150732.tif"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"195.101.213.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335200/; classtype:trojan-activity;sid:84198300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335175)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks32_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335175/; classtype:trojan-activity;sid:84198275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowforce2008_64_add.vmp.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335174/; classtype:trojan-activity;sid:84198274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335173)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks64_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335173/; classtype:trojan-activity;sid:84198273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335166)"; flow:established,from_client; content:"GET"; http_method; content:"/upm2008.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335166/; classtype:trojan-activity;sid:84198266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335156)"; flow:established,from_client; content:"GET"; http_method; content:"/ndisinstaller3.2.32.1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335156/; classtype:trojan-activity;sid:84198256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335147)"; flow:established,from_client; content:"GET"; http_method; content:"/iatinfect2008_64.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335147/; classtype:trojan-activity;sid:84198247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335141)"; flow:established,from_client; content:"GET"; http_method; content:"/winsetaccess64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335141/; classtype:trojan-activity;sid:84198241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335135)"; flow:established,from_client; content:"GET"; http_method; content:"/writedat.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335135/; classtype:trojan-activity;sid:84198235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335136)"; flow:established,from_client; content:"GET"; http_method; content:"/mport.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335136/; classtype:trojan-activity;sid:84198236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335134)"; flow:established,from_client; content:"GET"; http_method; content:"/iland.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335134/; classtype:trojan-activity;sid:84198234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335123)"; flow:established,from_client; content:"GET"; http_method; content:"/krepej/dubelya/s-shurupom/6-40-40-sht"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"m.bal-stroi.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335123/; classtype:trojan-activity;sid:84198223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; content:"GET"; http_method; content:"/mytime/files/3.3.7.0/mytime.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"down.ruanmei.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335094)"; flow:established,from_client; content:"GET"; http_method; content:"/misc/tools/exporttabletester.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ximonite.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335094/; classtype:trojan-activity;sid:84198194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333656)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/refs/heads/main/main1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333656/; classtype:trojan-activity;sid:84196756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/pthlearning.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chinaapper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333479)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333479/; classtype:trojan-activity;sid:84196579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333456)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333456/; classtype:trojan-activity;sid:84196556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; content:"GET"; http_method; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/donut.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333279)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtdamhd5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333279/; classtype:trojan-activity;sid:84196379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332955)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%98%85%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%98%85.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332955/; classtype:trojan-activity;sid:84196055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332954)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332954/; classtype:trojan-activity;sid:84196054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332765)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/refs/heads/main/runtimebroker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332765/; classtype:trojan-activity;sid:84195865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332761)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/refs/heads/main/jrockekcurje.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332761/; classtype:trojan-activity;sid:84195861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/raw/main/system.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332754)"; flow:established,from_client; content:"GET"; http_method; content:"/apoxyies/deeneme/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332754/; classtype:trojan-activity;sid:84195854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332751)"; flow:established,from_client; content:"GET"; http_method; content:"/yuriksq/papilla/raw/refs/heads/main/jrockekcurje.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332751/; classtype:trojan-activity;sid:84195851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331664)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original//rump_img.jpeg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331664/; classtype:trojan-activity;sid:84194764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331665)"; flow:established,from_client; content:"GET"; http_method; content:"/abhidadatg/worm/refs/heads/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331665/; classtype:trojan-activity;sid:84194765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331649)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug2.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331649/; classtype:trojan-activity;sid:84194749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331644)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/wrwrwr/main/xclient.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331644/; classtype:trojan-activity;sid:84194744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331643)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/adad/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331643/; classtype:trojan-activity;sid:84194743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331640)"; flow:established,from_client; content:"GET"; http_method; content:"/whois-black/qew123/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331640/; classtype:trojan-activity;sid:84194740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331636)"; flow:established,from_client; content:"GET"; http_method; content:"/paco321312312/cautious-sniffle/main/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331636/; classtype:trojan-activity;sid:84194736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331626)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug4.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331626/; classtype:trojan-activity;sid:84194726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331628)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/fsfsf/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331628/; classtype:trojan-activity;sid:84194728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331577)"; flow:established,from_client; content:"GET"; http_method; content:"/valofficial/client-follower/main/client-built.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331577/; classtype:trojan-activity;sid:84194677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331534)"; flow:established,from_client; content:"GET"; http_method; content:"/cidadejunina/js/vendor/debug2.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"transparenciacanaa.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331534/; classtype:trojan-activity;sid:84194634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331498)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_-w5me4evtzbdzix_v_ymzdelazhrv5z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331498/; classtype:trojan-activity;sid:84194598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331500)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nskagzrswpttoue3wbrhdqpyzlyve4tg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331500/; classtype:trojan-activity;sid:84194600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o3zw7sodji4uk954kngkdyshyl37gozq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331490/; classtype:trojan-activity;sid:84194590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331487)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/decqq-cf20a.appspot.com/o/donchifile_vchfujk91.bin|3f|alt=media|7c|26|7c|token=c2737a65-ff1c-436c-a6f0-11d3a748f62f"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331487/; classtype:trojan-activity;sid:84194587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3319642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.114.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_04; reference:url, urlhaus.abuse.ch/url/3319642/; classtype:trojan-activity;sid:84182742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317497)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/media/thing2"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"divvanews.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317497/; classtype:trojan-activity;sid:84180597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3316452)"; flow:established,from_client; content:"GET"; http_method; content:"/searchuii.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_01; reference:url, urlhaus.abuse.ch/url/3316452/; classtype:trojan-activity;sid:84179552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; content:"GET"; http_method; content:"/order/purchaseorder.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; content:"GET"; http_method; content:"/order/putty.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308928)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.1.252.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308928/; classtype:trojan-activity;sid:84172028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308905)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.85.101.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308905/; classtype:trojan-activity;sid:84172005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308798)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308797)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c2pnucvma1shu90mnauhef6shildth-s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308797/; classtype:trojan-activity;sid:84171897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308461)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y0"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308461/; classtype:trojan-activity;sid:84171561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308462)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308462/; classtype:trojan-activity;sid:84171562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308463)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y4.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308463/; classtype:trojan-activity;sid:84171563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308464)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y2"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308464/; classtype:trojan-activity;sid:84171564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308465)"; flow:established,from_client; content:"GET"; http_method; content:"/xblkpfz8y1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"158.101.35.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308465/; classtype:trojan-activity;sid:84171565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3305535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_26; reference:url, urlhaus.abuse.ch/url/3305535/; classtype:trojan-activity;sid:84168635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303817)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jbzzntbk1kuszoofww7hsqfdh066ontf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303817/; classtype:trojan-activity;sid:84166917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303101)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/lr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"183.102.83.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3303101/; classtype:trojan-activity;sid:84166201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/refs/heads/main/document.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; content:"GET"; http_method; content:"/es.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3299333)"; flow:established,from_client; content:"GET"; http_method; content:"/account/rolex_file.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"treinamento.convenio.to.gov.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3299333/; classtype:trojan-activity;sid:84162433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298202)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/ud/raw/refs/heads/main/ud.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298202/; classtype:trojan-activity;sid:84161302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298201)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/ud.bat"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298201/; classtype:trojan-activity;sid:84161301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297750)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/nube-f5f04.appspot.com/o/ansy.txt|3f|alt=media|7c|26|7c|token=703d87ea-0284-408f-b949-21b01138d2a5"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3297750/; classtype:trojan-activity;sid:84160850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3297053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_20; reference:url, urlhaus.abuse.ch/url/3297053/; classtype:trojan-activity;sid:84160153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; content:"GET"; http_method; content:"/configureregistrysettings.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291910)"; flow:established,from_client; content:"GET"; http_method; content:"/3911_wz.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wz.3911.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291910/; classtype:trojan-activity;sid:84155010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291869)"; flow:established,from_client; content:"GET"; http_method; content:"/images/stories/guides/guide2018.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"dcwblida.dz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291869/; classtype:trojan-activity;sid:84154969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.250.231.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289468/; classtype:trojan-activity;sid:84152568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.57.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289469/; classtype:trojan-activity;sid:84152569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.255.216.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289461/; classtype:trojan-activity;sid:84152561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.2.177.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289462/; classtype:trojan-activity;sid:84152562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.28.177.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289464/; classtype:trojan-activity;sid:84152564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289454/; classtype:trojan-activity;sid:84152554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.21.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288922/; classtype:trojan-activity;sid:84152022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.118.75.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288915/; classtype:trojan-activity;sid:84152015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.171.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287640/; classtype:trojan-activity;sid:84150740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.121.12.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287632/; classtype:trojan-activity;sid:84150732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.127.218.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287636/; classtype:trojan-activity;sid:84150736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3287637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_12; reference:url, urlhaus.abuse.ch/url/3287637/; classtype:trojan-activity;sid:84150737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.73.64.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286828/; classtype:trojan-activity;sid:84149928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286513)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.convertimg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286513/; classtype:trojan-activity;sid:84149613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.247.218.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285570/; classtype:trojan-activity;sid:84148670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281578)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/client.exe.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281578/; classtype:trojan-activity;sid:84144678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281577)"; flow:established,from_client; content:"GET"; http_method; content:"/maxz/update/client/dsetup.dll.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.174.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281577/; classtype:trojan-activity;sid:84144677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281278)"; flow:established,from_client; content:"GET"; http_method; content:"/nok/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281278/; classtype:trojan-activity;sid:84144378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280990)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2d424qwn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280990/; classtype:trojan-activity;sid:84144090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278362)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1las2cmd3reobg45qhkqhawi90h4_u0kd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278362/; classtype:trojan-activity;sid:84141462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275669)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kc4fdseohzqymz2x0ncqswph66uxdb1z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275669/; classtype:trojan-activity;sid:84138769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275667)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u_rahqbks7vd7qqc6wx3gxnjxtfqrzbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275667/; classtype:trojan-activity;sid:84138767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275242)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gmzqsemymffka4lve0jkwa06sklk7xhu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275242/; classtype:trojan-activity;sid:84138342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274634/; classtype:trojan-activity;sid:84137734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274607/; classtype:trojan-activity;sid:84137707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.19.13.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274591/; classtype:trojan-activity;sid:84137691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274046)"; flow:established,from_client; content:"GET"; http_method; content:"/skarsys/assaultcubecheat/main/spoofy.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274046/; classtype:trojan-activity;sid:84137146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3273868)"; flow:established,from_client; content:"GET"; http_method; content:"/download/telegram.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"telegramcn.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3273868/; classtype:trojan-activity;sid:84136968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271692)"; flow:established,from_client; content:"GET"; http_method; content:"/vc17x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271692/; classtype:trojan-activity;sid:84134792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271691)"; flow:established,from_client; content:"GET"; http_method; content:"/pchunter64.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271691/; classtype:trojan-activity;sid:84134791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271690)"; flow:established,from_client; content:"GET"; http_method; content:"/remotelyanywhere11.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271690/; classtype:trojan-activity;sid:84134790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271689)"; flow:established,from_client; content:"GET"; http_method; content:"/pm3100.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271689/; classtype:trojan-activity;sid:84134789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271686)"; flow:established,from_client; content:"GET"; http_method; content:"/qwsrv3.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271686/; classtype:trojan-activity;sid:84134786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271681)"; flow:established,from_client; content:"GET"; http_method; content:"/x210.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271681/; classtype:trojan-activity;sid:84134781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271683)"; flow:established,from_client; content:"GET"; http_method; content:"/ydcx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271683/; classtype:trojan-activity;sid:84134783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271684)"; flow:established,from_client; content:"GET"; http_method; content:"/smb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271684/; classtype:trojan-activity;sid:84134784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271685)"; flow:established,from_client; content:"GET"; http_method; content:"/kb2808679x64.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271685/; classtype:trojan-activity;sid:84134785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271678)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271678/; classtype:trojan-activity;sid:84134778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271679)"; flow:established,from_client; content:"GET"; http_method; content:"/rlpb15.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271679/; classtype:trojan-activity;sid:84134779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271680)"; flow:established,from_client; content:"GET"; http_method; content:"/hydkj.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271680/; classtype:trojan-activity;sid:84134780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271675)"; flow:established,from_client; content:"GET"; http_method; content:"/autoruns.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271675/; classtype:trojan-activity;sid:84134775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271673)"; flow:established,from_client; content:"GET"; http_method; content:"/cysoft/winrarx64521sc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271673/; classtype:trojan-activity;sid:84134773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271672)"; flow:established,from_client; content:"GET"; http_method; content:"/hdtune.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271672/; classtype:trojan-activity;sid:84134772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271664)"; flow:established,from_client; content:"GET"; http_method; content:"/wblog.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271664/; classtype:trojan-activity;sid:84134764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271666)"; flow:established,from_client; content:"GET"; http_method; content:"/steam.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ftp.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271666/; classtype:trojan-activity;sid:84134766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271206)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/blader-4f96f.appspot.com/o/rem251.txt|3f|alt=media|7c|26|7c|token=c0f99eb2-2f4d-4b6b-8bb6-bdb0e353c395"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271206/; classtype:trojan-activity;sid:84134306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270748)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270748/; classtype:trojan-activity;sid:84133848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270747)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270747/; classtype:trojan-activity;sid:84133847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270746)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270746/; classtype:trojan-activity;sid:84133846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270744)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270744/; classtype:trojan-activity;sid:84133844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270741)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3270741/; classtype:trojan-activity;sid:84133841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270198)"; flow:established,from_client; content:"GET"; http_method; content:"/web/img/edadf5dc5ec04c578e24f68006fad2b4.sys"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"zlonline.oss-cn-shenzhen.aliyuncs.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270198/; classtype:trojan-activity;sid:84133298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; content:"GET"; http_method; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"shqdown.ggzuhao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269789)"; flow:established,from_client; content:"GET"; http_method; content:"/framzzzzz/dont-use/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269789/; classtype:trojan-activity;sid:84132889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265959)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygqwpvxadhjsxskr3u3tdw2u5dnzv0pp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265959/; classtype:trojan-activity;sid:84129059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258473)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258473/; classtype:trojan-activity;sid:84121573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258474)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258474/; classtype:trojan-activity;sid:84121574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258460)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258460/; classtype:trojan-activity;sid:84121560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258462)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258462/; classtype:trojan-activity;sid:84121562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258439)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258439/; classtype:trojan-activity;sid:84121539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258443)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258443/; classtype:trojan-activity;sid:84121543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258448)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258448/; classtype:trojan-activity;sid:84121548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258435)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258435/; classtype:trojan-activity;sid:84121535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258429)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258429/; classtype:trojan-activity;sid:84121529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258397)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258397/; classtype:trojan-activity;sid:84121497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258399)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258399/; classtype:trojan-activity;sid:84121499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258403)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.46.218.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258403/; classtype:trojan-activity;sid:84121503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258029)"; flow:established,from_client; content:"GET"; http_method; content:"/javamagazine/magdownloads/downloads/utilities-windowtimer-ptimer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258029/; classtype:trojan-activity;sid:84121129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257486)"; flow:established,from_client; content:"GET"; http_method; content:"/networks.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257486/; classtype:trojan-activity;sid:84120586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257484)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/net/net.xsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257484/; classtype:trojan-activity;sid:84120584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257470)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257470/; classtype:trojan-activity;sid:84120570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257471)"; flow:established,from_client; content:"GET"; http_method; content:"/net/net.xsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257471/; classtype:trojan-activity;sid:84120571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257473)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/net/net.xsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257473/; classtype:trojan-activity;sid:84120573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257474)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/inst.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257474/; classtype:trojan-activity;sid:84120574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257475)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.xsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257475/; classtype:trojan-activity;sid:84120575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257477)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/instance.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257477/; classtype:trojan-activity;sid:84120577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3250891)"; flow:established,from_client; content:"GET"; http_method; content:"/peass-ng/peass-ng/releases/latest/download/linpeas.sh"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_24; reference:url, urlhaus.abuse.ch/url/3250891/; classtype:trojan-activity;sid:84113991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245732)"; flow:established,from_client; content:"GET"; http_method; content:"/vz.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.79.124.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245732/; classtype:trojan-activity;sid:84108832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245730)"; flow:established,from_client; content:"GET"; http_method; content:"/chinese.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.129.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245730/; classtype:trojan-activity;sid:84108830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243260)"; flow:established,from_client; content:"GET"; http_method; content:"/loader/loader.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"klar.gg"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243260/; classtype:trojan-activity;sid:84106360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243135)"; flow:established,from_client; content:"GET"; http_method; content:"/samarinda/filekey.mentah"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243135/; classtype:trojan-activity;sid:84106235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243134)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/file3.mentah"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243134/; classtype:trojan-activity;sid:84106234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243133)"; flow:established,from_client; content:"GET"; http_method; content:"/enjoyers/injek3.mentah"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.187.146.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243133/; classtype:trojan-activity;sid:84106233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242769)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/solr.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242769/; classtype:trojan-activity;sid:84105869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241754)"; flow:established,from_client; content:"GET"; http_method; content:"/wbrswbrn/awew45/refs/heads/main/nurik.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241754/; classtype:trojan-activity;sid:84104854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241291)"; flow:established,from_client; content:"GET"; http_method; content:"/key.pem"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"152.136.140.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241291/; classtype:trojan-activity;sid:84104391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241019)"; flow:established,from_client; content:"GET"; http_method; content:"/gosha1239/onetap/master/onetap.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241019/; classtype:trojan-activity;sid:84104119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; content:"GET"; http_method; content:"/cuckoobox/cuckoo/archive/master.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239669)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_3.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239669/; classtype:trojan-activity;sid:84102769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239666)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_4.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239666/; classtype:trojan-activity;sid:84102766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239667)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_2.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239667/; classtype:trojan-activity;sid:84102767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239668)"; flow:established,from_client; content:"GET"; http_method; content:"/sys/20230120_1.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"124.248.65.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239668/; classtype:trojan-activity;sid:84102768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238067)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasgay23/123/main/svhost.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238067/; classtype:trojan-activity;sid:84101167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238057)"; flow:established,from_client; content:"GET"; http_method; content:"/mentaliczz/bloxflippredictor-v2/main/bloxflip%20predictor.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238057/; classtype:trojan-activity;sid:84101157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238047)"; flow:established,from_client; content:"GET"; http_method; content:"/horiffy/sentil/main/sentil.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238047/; classtype:trojan-activity;sid:84101147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238045)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/refs/heads/main/njrat.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238045/; classtype:trojan-activity;sid:84101145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238025)"; flow:established,from_client; content:"GET"; http_method; content:"/tpinauskas/anticheat/main/amogus.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238025/; classtype:trojan-activity;sid:84101125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238013)"; flow:established,from_client; content:"GET"; http_method; content:"/vampirvikariy/clientn2/master/intro.avi.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238013/; classtype:trojan-activity;sid:84101113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238012)"; flow:established,from_client; content:"GET"; http_method; content:"/theairblow/theairblow/main/njrat.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238012/; classtype:trojan-activity;sid:84101112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238010)"; flow:established,from_client; content:"GET"; http_method; content:"/eluwnkaquxi/elcio/main/server1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238010/; classtype:trojan-activity;sid:84101110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237889)"; flow:established,from_client; content:"GET"; http_method; content:"/activia/aa_v3.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sfa.com.ar"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237889/; classtype:trojan-activity;sid:84100989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237465)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_suia0iczdw2reew1f9hgunezxcwv52d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237465/; classtype:trojan-activity;sid:84100565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236450)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.192.128.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236450/; classtype:trojan-activity;sid:84099550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xwgl/xw_xxgl.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; content:"GET"; http_method; content:"/products/4001/updates/efatura/efatura.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elisans.novayonetim.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236314)"; flow:established,from_client; content:"GET"; http_method; content:"/ipscan.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"file.edunet.ac"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236314/; classtype:trojan-activity;sid:84099414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236272)"; flow:established,from_client; content:"GET"; http_method; content:"/1skilllauncher/1skilllauncher.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236272/; classtype:trojan-activity;sid:84099372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236227)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/iupdate.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.innovare.no"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236227/; classtype:trojan-activity;sid:84099327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235077)"; flow:established,from_client; content:"GET"; http_method; content:"/libcurl.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235077/; classtype:trojan-activity;sid:84098177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234803)"; flow:established,from_client; content:"GET"; http_method; content:"/crazycoach.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"coach.028csc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234803/; classtype:trojan-activity;sid:84097903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231923)"; flow:established,from_client; content:"GET"; http_method; content:"/nok/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231923/; classtype:trojan-activity;sid:84095023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.0.199.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228412/; classtype:trojan-activity;sid:84091512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225936)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225936/; classtype:trojan-activity;sid:84089036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225930/; classtype:trojan-activity;sid:84089030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3225922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3225922/; classtype:trojan-activity;sid:84089022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218022/; classtype:trojan-activity;sid:84081122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218026)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.121.113.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218026/; classtype:trojan-activity;sid:84081126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.130.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217784)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217784/; classtype:trojan-activity;sid:84080884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217753/; classtype:trojan-activity;sid:84080853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.28.228.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.233.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217719/; classtype:trojan-activity;sid:84080819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217676)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.24.237.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217676/; classtype:trojan-activity;sid:84080776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217557)"; flow:established,from_client; content:"GET"; http_method; content:"/123.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217557/; classtype:trojan-activity;sid:84080657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217127/; classtype:trojan-activity;sid:84080227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217131/; classtype:trojan-activity;sid:84080231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217134/; classtype:trojan-activity;sid:84080234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217135/; classtype:trojan-activity;sid:84080235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217136/; classtype:trojan-activity;sid:84080236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.105.196.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217139/; classtype:trojan-activity;sid:84080239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217092/; classtype:trojan-activity;sid:84080192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217096/; classtype:trojan-activity;sid:84080196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217097/; classtype:trojan-activity;sid:84080197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.238.209.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217102/; classtype:trojan-activity;sid:84080202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217104/; classtype:trojan-activity;sid:84080204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.116.68.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217110/; classtype:trojan-activity;sid:84080210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217111/; classtype:trojan-activity;sid:84080211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217086/; classtype:trojan-activity;sid:84080186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217090/; classtype:trojan-activity;sid:84080190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217067/; classtype:trojan-activity;sid:84080167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217069/; classtype:trojan-activity;sid:84080169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217073/; classtype:trojan-activity;sid:84080173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217049/; classtype:trojan-activity;sid:84080149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217064/; classtype:trojan-activity;sid:84080164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217065/; classtype:trojan-activity;sid:84080165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217044/; classtype:trojan-activity;sid:84080144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217028/; classtype:trojan-activity;sid:84080128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217029/; classtype:trojan-activity;sid:84080129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217032/; classtype:trojan-activity;sid:84080132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217010/; classtype:trojan-activity;sid:84080110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217012/; classtype:trojan-activity;sid:84080112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217015/; classtype:trojan-activity;sid:84080115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217000/; classtype:trojan-activity;sid:84080100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216997/; classtype:trojan-activity;sid:84080097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216967/; classtype:trojan-activity;sid:84080067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216969/; classtype:trojan-activity;sid:84080069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216974/; classtype:trojan-activity;sid:84080074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216977/; classtype:trojan-activity;sid:84080077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216978/; classtype:trojan-activity;sid:84080078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216979/; classtype:trojan-activity;sid:84080079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; classtype:trojan-activity;sid:84080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216989/; classtype:trojan-activity;sid:84080089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216960/; classtype:trojan-activity;sid:84080060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216963/; classtype:trojan-activity;sid:84080063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216958/; classtype:trojan-activity;sid:84080058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216956/; classtype:trojan-activity;sid:84080056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.64.182.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216951/; classtype:trojan-activity;sid:84080051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216927/; classtype:trojan-activity;sid:84080027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216936/; classtype:trojan-activity;sid:84080036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216941/; classtype:trojan-activity;sid:84080041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216945/; classtype:trojan-activity;sid:84080045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216918/; classtype:trojan-activity;sid:84080018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216921/; classtype:trojan-activity;sid:84080021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216892/; classtype:trojan-activity;sid:84079992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216899/; classtype:trojan-activity;sid:84079999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216900/; classtype:trojan-activity;sid:84080000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216906/; classtype:trojan-activity;sid:84080006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216862/; classtype:trojan-activity;sid:84079962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.72.199.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216865/; classtype:trojan-activity;sid:84079965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216849/; classtype:trojan-activity;sid:84079949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216837/; classtype:trojan-activity;sid:84079937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216819/; classtype:trojan-activity;sid:84079919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216820/; classtype:trojan-activity;sid:84079920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216828/; classtype:trojan-activity;sid:84079928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216804/; classtype:trojan-activity;sid:84079904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216800/; classtype:trojan-activity;sid:84079900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216796/; classtype:trojan-activity;sid:84079896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216763/; classtype:trojan-activity;sid:84079863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216751/; classtype:trojan-activity;sid:84079851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216730/; classtype:trojan-activity;sid:84079830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216732/; classtype:trojan-activity;sid:84079832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216733/; classtype:trojan-activity;sid:84079833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216735/; classtype:trojan-activity;sid:84079835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216742/; classtype:trojan-activity;sid:84079842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216743/; classtype:trojan-activity;sid:84079843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216724/; classtype:trojan-activity;sid:84079824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.138.68.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216713/; classtype:trojan-activity;sid:84079813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.135.26.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216704/; classtype:trojan-activity;sid:84079804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216709/; classtype:trojan-activity;sid:84079809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216694/; classtype:trojan-activity;sid:84079794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216696/; classtype:trojan-activity;sid:84079796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216698/; classtype:trojan-activity;sid:84079798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216670/; classtype:trojan-activity;sid:84079770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216651/; classtype:trojan-activity;sid:84079751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216652/; classtype:trojan-activity;sid:84079752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216641/; classtype:trojan-activity;sid:84079741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216636/; classtype:trojan-activity;sid:84079736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216633/; classtype:trojan-activity;sid:84079733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216629/; classtype:trojan-activity;sid:84079729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.100.49.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216616/; classtype:trojan-activity;sid:84079716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216598/; classtype:trojan-activity;sid:84079698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216594/; classtype:trojan-activity;sid:84079694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216572/; classtype:trojan-activity;sid:84079672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216575/; classtype:trojan-activity;sid:84079675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216577/; classtype:trojan-activity;sid:84079677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216553/; classtype:trojan-activity;sid:84079653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216556/; classtype:trojan-activity;sid:84079656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.9.34.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216560/; classtype:trojan-activity;sid:84079660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216567/; classtype:trojan-activity;sid:84079667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216532/; classtype:trojan-activity;sid:84079632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216534/; classtype:trojan-activity;sid:84079634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216510/; classtype:trojan-activity;sid:84079610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.124.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216487/; classtype:trojan-activity;sid:84079587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216488/; classtype:trojan-activity;sid:84079588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216491/; classtype:trojan-activity;sid:84079591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216496/; classtype:trojan-activity;sid:84079596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.252.66.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216499/; classtype:trojan-activity;sid:84079599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216501/; classtype:trojan-activity;sid:84079601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216502/; classtype:trojan-activity;sid:84079602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216470/; classtype:trojan-activity;sid:84079570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216471/; classtype:trojan-activity;sid:84079571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216475/; classtype:trojan-activity;sid:84079575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216435)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.93.22.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216435/; classtype:trojan-activity;sid:84079535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216430)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.191.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216430/; classtype:trojan-activity;sid:84079530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216428)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.220.203.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216428/; classtype:trojan-activity;sid:84079528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216413/; classtype:trojan-activity;sid:84079513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216376)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216376/; classtype:trojan-activity;sid:84079476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216359)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216359/; classtype:trojan-activity;sid:84079459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216329/; classtype:trojan-activity;sid:84079429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"74.64.155.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216321/; classtype:trojan-activity;sid:84079421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.219.74.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216318/; classtype:trojan-activity;sid:84079418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216314)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.108.119.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216314/; classtype:trojan-activity;sid:84079414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216309)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.163.234.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216309/; classtype:trojan-activity;sid:84079409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.128.81.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215845/; classtype:trojan-activity;sid:84078945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.124.61.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215842/; classtype:trojan-activity;sid:84078942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215834/; classtype:trojan-activity;sid:84078934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.74.207.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.124.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215825/; classtype:trojan-activity;sid:84078925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.239.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215830/; classtype:trojan-activity;sid:84078930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.86.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215806/; classtype:trojan-activity;sid:84078906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.151.108.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215780/; classtype:trojan-activity;sid:84078880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.248.23.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215784/; classtype:trojan-activity;sid:84078884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215793/; classtype:trojan-activity;sid:84078893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215776/; classtype:trojan-activity;sid:84078876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.187.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215485/; classtype:trojan-activity;sid:84078585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215481/; classtype:trojan-activity;sid:84078581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215482/; classtype:trojan-activity;sid:84078582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215483/; classtype:trojan-activity;sid:84078583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215473/; classtype:trojan-activity;sid:84078573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215469/; classtype:trojan-activity;sid:84078569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.98.186.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215464/; classtype:trojan-activity;sid:84078564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215455/; classtype:trojan-activity;sid:84078555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.219.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215435/; classtype:trojan-activity;sid:84078535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.255.217.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215417/; classtype:trojan-activity;sid:84078517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215410/; classtype:trojan-activity;sid:84078510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.143.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215403/; classtype:trojan-activity;sid:84078503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215404/; classtype:trojan-activity;sid:84078504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.203.89.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215392/; classtype:trojan-activity;sid:84078492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.61.103.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215388/; classtype:trojan-activity;sid:84078488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.85.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215377/; classtype:trojan-activity;sid:84078477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.23.192.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215366/; classtype:trojan-activity;sid:84078466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.160.128.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215369/; classtype:trojan-activity;sid:84078469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.105.196.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215372/; classtype:trojan-activity;sid:84078472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215359/; classtype:trojan-activity;sid:84078459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215363/; classtype:trojan-activity;sid:84078463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.211.219.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215355/; classtype:trojan-activity;sid:84078455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215356/; classtype:trojan-activity;sid:84078456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215357/; classtype:trojan-activity;sid:84078457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204753/; classtype:trojan-activity;sid:84067853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204733/; classtype:trojan-activity;sid:84067833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; content:"GET"; http_method; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"download.suxiazai.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198764)"; flow:established,from_client; content:"GET"; http_method; content:"/host.out"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.50.0.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198764/; classtype:trojan-activity;sid:84061864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195888)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.188.137.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195888/; classtype:trojan-activity;sid:84058988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195887)"; flow:established,from_client; content:"GET"; http_method; content:"/dllgiris.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.98.231.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195887/; classtype:trojan-activity;sid:84058987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195831)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195831/; classtype:trojan-activity;sid:84058931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195832)"; flow:established,from_client; content:"GET"; http_method; content:"/winbox/winbox.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.123.98.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195832/; classtype:trojan-activity;sid:84058932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193548)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/js/main/core/core.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"evangroup.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193548/; classtype:trojan-activity;sid:84056648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3192568)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz_trunk/win32/mimikatz.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"120.25.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_26; reference:url, urlhaus.abuse.ch/url/3192568/; classtype:trojan-activity;sid:84055668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190997/; classtype:trojan-activity;sid:84054097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190775)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190775/; classtype:trojan-activity;sid:84053875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.92.65.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190704/; classtype:trojan-activity;sid:84053804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190461)"; flow:established,from_client; content:"GET"; http_method; content:"/7"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190461/; classtype:trojan-activity;sid:84053561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190462)"; flow:established,from_client; content:"GET"; http_method; content:"/5"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190462/; classtype:trojan-activity;sid:84053562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190459)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190459/; classtype:trojan-activity;sid:84053559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190421)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"51.91.111.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190421/; classtype:trojan-activity;sid:84053521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190376)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.153.129.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190376/; classtype:trojan-activity;sid:84053476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3187553)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%9b%9b%e6%96%b9%e5%b9%b3%e5%8f%b0-%e5%8d%a1%e5%95%86%e7%ab%af.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"sms-szfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3187553/; classtype:trojan-activity;sid:84050653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182627)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182627/; classtype:trojan-activity;sid:84045727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182626)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182626/; classtype:trojan-activity;sid:84045726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182622)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182622/; classtype:trojan-activity;sid:84045722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182623)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182623/; classtype:trojan-activity;sid:84045723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182624)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182624/; classtype:trojan-activity;sid:84045724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3182620)"; flow:established,from_client; content:"GET"; http_method; content:"/criptonize.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"41.231.37.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_20; reference:url, urlhaus.abuse.ch/url/3182620/; classtype:trojan-activity;sid:84045720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178401)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v9ujqbyj-mlf9mugkyiwow6t3rpui2bu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178401/; classtype:trojan-activity;sid:84041501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174891)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174891/; classtype:trojan-activity;sid:84037991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tecunonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; classtype:trojan-activity;sid:84037464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171541)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171541/; classtype:trojan-activity;sid:84034641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3171542)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3171542/; classtype:trojan-activity;sid:84034642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3169080)"; flow:established,from_client; content:"GET"; http_method; content:"/tenants/135790374f46b0107c516a5f5e13069b/5e5f800fdf87209fdf8f9b61441e53a1/linux/x64/stable/install.sh"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"download.cudo.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_09_12; reference:url, urlhaus.abuse.ch/url/3169080/; classtype:trojan-activity;sid:84032180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163579)"; flow:established,from_client; content:"GET"; http_method; content:"/handler/download|3f|action=download|7c|26|7c|download_id=jgc6slaf|7c|26|7c|private_id=0|7c|26|7c|url=https%253a%252f%252fyoutransfer.net%252fjgc6slaf"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"youtransfer.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163579/; classtype:trojan-activity;sid:84026679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3160869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_07; reference:url, urlhaus.abuse.ch/url/3160869/; classtype:trojan-activity;sid:84023969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3159138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.94.210.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_06; reference:url, urlhaus.abuse.ch/url/3159138/; classtype:trojan-activity;sid:84022238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135260)"; flow:established,from_client; content:"GET"; http_method; content:"/c64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hi.admini.website"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135260/; classtype:trojan-activity;sid:83998360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134374)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/wnbsqv3008.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"soft.wsyhn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134374/; classtype:trojan-activity;sid:83997474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134368)"; flow:established,from_client; content:"GET"; http_method; content:"/login/1188%e7%83%88%e7%84%b0.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn.ly.9377.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134368/; classtype:trojan-activity;sid:83997468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129422)"; flow:established,from_client; content:"GET"; http_method; content:"/tjqdq.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.249.193.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129422/; classtype:trojan-activity;sid:83992522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3119648)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/spam-c273a.appspot.com/o/15-08-2024.jpg|3f|alt=media|7c|26|7c|token=dba912c0-e841-4225-ab88-8ba2612661e2"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_08_21; reference:url, urlhaus.abuse.ch/url/3119648/; classtype:trojan-activity;sid:83982748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118765)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118765/; classtype:trojan-activity;sid:83981865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118728)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118728/; classtype:trojan-activity;sid:83981828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118721)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118721/; classtype:trojan-activity;sid:83981821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118722)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118722/; classtype:trojan-activity;sid:83981822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118723)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118723/; classtype:trojan-activity;sid:83981823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118724)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118724/; classtype:trojan-activity;sid:83981824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118725)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118725/; classtype:trojan-activity;sid:83981825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118726)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118726/; classtype:trojan-activity;sid:83981826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3118727)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_20; reference:url, urlhaus.abuse.ch/url/3118727/; classtype:trojan-activity;sid:83981827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3115660)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_19; reference:url, urlhaus.abuse.ch/url/3115660/; classtype:trojan-activity;sid:83978760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114844/; classtype:trojan-activity;sid:83977944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114845)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114845/; classtype:trojan-activity;sid:83977945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114776)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114776/; classtype:trojan-activity;sid:83977876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3114775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.112.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_18; reference:url, urlhaus.abuse.ch/url/3114775/; classtype:trojan-activity;sid:83977875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109981)"; flow:established,from_client; content:"GET"; http_method; content:"/in/2041.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109981/; classtype:trojan-activity;sid:83973081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109982)"; flow:established,from_client; content:"GET"; http_method; content:"/in/204.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109982/; classtype:trojan-activity;sid:83973082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3109980)"; flow:established,from_client; content:"GET"; http_method; content:"/in/d204.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uyul.oss-cn-beijing.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_08_16; reference:url, urlhaus.abuse.ch/url/3109980/; classtype:trojan-activity;sid:83973080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103490)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.122.165.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103490/; classtype:trojan-activity;sid:83966590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100465)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k1gkl25as.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100465/; classtype:trojan-activity;sid:83963565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100466)"; flow:established,from_client; content:"GET"; http_method; content:"/cdn-vs/data.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"k1gkl25as.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100466/; classtype:trojan-activity;sid:83963566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3094790)"; flow:established,from_client; content:"GET"; http_method; content:"/latest.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.9.35.70"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_08_07; reference:url, urlhaus.abuse.ch/url/3094790/; classtype:trojan-activity;sid:83957890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093518)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uypthvq0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093518/; classtype:trojan-activity;sid:83956618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093191)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.175.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093191/; classtype:trojan-activity;sid:83956291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093077)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.2.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093077/; classtype:trojan-activity;sid:83956177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092809)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rme3ibrb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092809/; classtype:trojan-activity;sid:83955909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092807)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a9he0f3w"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092807/; classtype:trojan-activity;sid:83955907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088913)"; flow:established,from_client; content:"GET"; http_method; content:"/%5bwww.ghxi.com%5d%e7%93%9c%e5%ad%90%e5%bd%b1%e8%a7%86v2_v1.9.1.1.apk"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088913/; classtype:trojan-activity;sid:83952013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3088911)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%88%91%e7%9a%84%e7%94%b5%e8%a7%86tv-v2.1.8-%e5%85%8d%e8%b4%b9%e7%ba%af%e5%87%80%e7%89%88.apk"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"47.109.77.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_04; reference:url, urlhaus.abuse.ch/url/3088911/; classtype:trojan-activity;sid:83952011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086848)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tb/tb.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086848/; classtype:trojan-activity;sid:83949948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086847)"; flow:established,from_client; content:"GET"; http_method; content:"/down/jf/jf.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086847/; classtype:trojan-activity;sid:83949947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3083844)"; flow:established,from_client; content:"GET"; http_method; content:"/store_app/guardservice.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sgz-1302338321.cos.ap-guangzhou.myqcloud.com"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_08_02; reference:url, urlhaus.abuse.ch/url/3083844/; classtype:trojan-activity;sid:83946944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072970)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/main/ref_ba0929399122_pdf.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072970/; classtype:trojan-activity;sid:83936070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072971)"; flow:established,from_client; content:"GET"; http_method; content:"/trevsglass/morna/raw/main/ref_ba0929399122_pdf.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072971/; classtype:trojan-activity;sid:83936071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072973)"; flow:established,from_client; content:"GET"; http_method; content:"/grayinv/henidus/raw/main/transaction_end_ids_58788719853478_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072973/; classtype:trojan-activity;sid:83936073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3063290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_23; reference:url, urlhaus.abuse.ch/url/3063290/; classtype:trojan-activity;sid:83926390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058866)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2023-36874.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058866/; classtype:trojan-activity;sid:83921966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058862)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058862/; classtype:trojan-activity;sid:83921962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058863)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058863/; classtype:trojan-activity;sid:83921963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058864)"; flow:established,from_client; content:"GET"; http_method; content:"/b64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058864/; classtype:trojan-activity;sid:83921964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052730)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/srmaster-3e0e8.appspot.com/o/revenger.jpg|3f|alt=media|7c|26|7c|token=f4f35bff-72c6-4f56-ae67-ea2379366dd5"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052730/; classtype:trojan-activity;sid:83915830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"202.107.235.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052707/; classtype:trojan-activity;sid:83915807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mimikatz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052415/; classtype:trojan-activity;sid:83915515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimispool.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052412/; classtype:trojan-activity;sid:83915512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052413/; classtype:trojan-activity;sid:83915513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052414/; classtype:trojan-activity;sid:83915514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimidrv.sys"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052395/; classtype:trojan-activity;sid:83915495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimikatz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052400/; classtype:trojan-activity;sid:83915500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimispool.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052392/; classtype:trojan-activity;sid:83915492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilove.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052393/; classtype:trojan-activity;sid:83915493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win32/mimilib.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052394/; classtype:trojan-activity;sid:83915494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.27.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949406/; classtype:trojan-activity;sid:83812506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2947781)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/cache/js/s1/kolibri_corppro/kernel_main/kernel_main_v1.js"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"vodomer-service.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_07_10; reference:url, urlhaus.abuse.ch/url/2947781/; classtype:trojan-activity;sid:83810881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2912423)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ssl.ftp21.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_29; reference:url, urlhaus.abuse.ch/url/2912423/; classtype:trojan-activity;sid:83775523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911222)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.3.78.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911222/; classtype:trojan-activity;sid:83774322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78-20-115-5.access.telenet.be"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911196/; classtype:trojan-activity;sid:83774296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911190)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.20.115.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911190/; classtype:trojan-activity;sid:83774290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911157)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.157.110.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911157/; classtype:trojan-activity;sid:83774257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911160)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"181.36.153.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911160/; classtype:trojan-activity;sid:83774260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.186.91.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911126/; classtype:trojan-activity;sid:83774226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83-87-76-41.cable.dynamic.v4.ziggo.nl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911119/; classtype:trojan-activity;sid:83774219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911118)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.87.76.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911118/; classtype:trojan-activity;sid:83774218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908913)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.72.167.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908913/; classtype:trojan-activity;sid:83772013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908909)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"12.196.184.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908909/; classtype:trojan-activity;sid:83772009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.142.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908894)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"170.210.81.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908894/; classtype:trojan-activity;sid:83771994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2897332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.202.101.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_19; reference:url, urlhaus.abuse.ch/url/2897332/; classtype:trojan-activity;sid:83760432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2891702)"; flow:established,from_client; content:"GET"; http_method; content:"/u/software/%e6%89%93%e5%8d%b0%e4%bb%bb%e5%8a%a1%e6%b8%85%e9%99%a4%e5%99%a8.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"183.166.57.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_16; reference:url, urlhaus.abuse.ch/url/2891702/; classtype:trojan-activity;sid:83754802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888476)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"59.175.183.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888476/; classtype:trojan-activity;sid:83751576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888469)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.244.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888469/; classtype:trojan-activity;sid:83751569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888440)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888440/; classtype:trojan-activity;sid:83751540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888438)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.159.155.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888438/; classtype:trojan-activity;sid:83751538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.156.224.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883947/; classtype:trojan-activity;sid:83747047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879955)"; flow:established,from_client; content:"GET"; http_method; content:"/unp%20setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.138.125.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879955/; classtype:trojan-activity;sid:83743055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877319)"; flow:established,from_client; content:"GET"; http_method; content:"/slade107.psm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_06; reference:url, urlhaus.abuse.ch/url/2877319/; classtype:trojan-activity;sid:83740419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2875871)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.159.154.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_05; reference:url, urlhaus.abuse.ch/url/2875871/; classtype:trojan-activity;sid:83738971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874516)"; flow:established,from_client; content:"GET"; http_method; content:"/o.elf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"reusable-flex.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874516/; classtype:trojan-activity;sid:83737616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874109)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p_knmkidu8kiejeem_ijrlumbjih3bkv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874109/; classtype:trojan-activity;sid:83737209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874102)"; flow:established,from_client; content:"GET"; http_method; content:"/walesboller.pcx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"karoonpc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874102/; classtype:trojan-activity;sid:83737202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2873811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.112.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2873811/; classtype:trojan-activity;sid:83736911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870237)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cqtygpx9gdoywntprwub0xbckivif6iy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870237/; classtype:trojan-activity;sid:83733337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863342)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863342/; classtype:trojan-activity;sid:83726442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863330/; classtype:trojan-activity;sid:83726430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862520)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/varteyjw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862520/; classtype:trojan-activity;sid:83725620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862046)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/6f2c5c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862046/; classtype:trojan-activity;sid:83725146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862022)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862022/; classtype:trojan-activity;sid:83725122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862016)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862016/; classtype:trojan-activity;sid:83725116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862005)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862005/; classtype:trojan-activity;sid:83725105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861986)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861986/; classtype:trojan-activity;sid:83725086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861978)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861978/; classtype:trojan-activity;sid:83725078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861979)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861979/; classtype:trojan-activity;sid:83725079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861985)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861985/; classtype:trojan-activity;sid:83725085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861962)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861962/; classtype:trojan-activity;sid:83725062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861957)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861957/; classtype:trojan-activity;sid:83725057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861951)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861951/; classtype:trojan-activity;sid:83725051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861946)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861946/; classtype:trojan-activity;sid:83725046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861949/; classtype:trojan-activity;sid:83725049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861932)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861932/; classtype:trojan-activity;sid:83725032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861837)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861837/; classtype:trojan-activity;sid:83724937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861824)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861824/; classtype:trojan-activity;sid:83724924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861818)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861818/; classtype:trojan-activity;sid:83724918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861791)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861791/; classtype:trojan-activity;sid:83724891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861778)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861778/; classtype:trojan-activity;sid:83724878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861769)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.165.122.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861769/; classtype:trojan-activity;sid:83724869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861760)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861760/; classtype:trojan-activity;sid:83724860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861761)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861761/; classtype:trojan-activity;sid:83724861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861722)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861722/; classtype:trojan-activity;sid:83724822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861699)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861699/; classtype:trojan-activity;sid:83724799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861700)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14stirling.dyndns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861700/; classtype:trojan-activity;sid:83724800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861702)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861702/; classtype:trojan-activity;sid:83724802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861682)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861682/; classtype:trojan-activity;sid:83724782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861683)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.202.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861683/; classtype:trojan-activity;sid:83724783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861689)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.125.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861689/; classtype:trojan-activity;sid:83724789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861666)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861666/; classtype:trojan-activity;sid:83724766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861661)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"212.3.211.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861661/; classtype:trojan-activity;sid:83724761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861644)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861644/; classtype:trojan-activity;sid:83724744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861628)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861628/; classtype:trojan-activity;sid:83724728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861626)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861626/; classtype:trojan-activity;sid:83724726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861603)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861603/; classtype:trojan-activity;sid:83724703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861606)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861606/; classtype:trojan-activity;sid:83724706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861610)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861610/; classtype:trojan-activity;sid:83724710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861586)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.84.167.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861586/; classtype:trojan-activity;sid:83724686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861577)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861577/; classtype:trojan-activity;sid:83724677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859511)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859511/; classtype:trojan-activity;sid:83722611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.29.231.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857898/; classtype:trojan-activity;sid:83720998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857868)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857868/; classtype:trojan-activity;sid:83720968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857866)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857866/; classtype:trojan-activity;sid:83720966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857850)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.196.71.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857850/; classtype:trojan-activity;sid:83720950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857820)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.31.226.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857820/; classtype:trojan-activity;sid:83720920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857821/; classtype:trojan-activity;sid:83720921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857704/; classtype:trojan-activity;sid:83720804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857699)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.120.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857699/; classtype:trojan-activity;sid:83720799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857693)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857693/; classtype:trojan-activity;sid:83720793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857689/; classtype:trojan-activity;sid:83720789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857671/; classtype:trojan-activity;sid:83720771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"119.13.179.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857654/; classtype:trojan-activity;sid:83720754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857626)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857626/; classtype:trojan-activity;sid:83720726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857590/; classtype:trojan-activity;sid:83720690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857561)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.22.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857561/; classtype:trojan-activity;sid:83720661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.160.10.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857539/; classtype:trojan-activity;sid:83720639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.129.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857522)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.64.76.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857522/; classtype:trojan-activity;sid:83720622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857510)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857510/; classtype:trojan-activity;sid:83720610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857496/; classtype:trojan-activity;sid:83720596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857493/; classtype:trojan-activity;sid:83720593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857481)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.147.175.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857481/; classtype:trojan-activity;sid:83720581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857444)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857444/; classtype:trojan-activity;sid:83720544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857459)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.65.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857459/; classtype:trojan-activity;sid:83720559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857437)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.238.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857437/; classtype:trojan-activity;sid:83720537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2856551)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.223.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2856551/; classtype:trojan-activity;sid:83719651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2852772/; classtype:trojan-activity;sid:83715872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852301)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mzon8jro4iemie6erfw5o3w-0tnwxnlz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_16; reference:url, urlhaus.abuse.ch/url/2852301/; classtype:trojan-activity;sid:83715401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2850173)"; flow:established,from_client; content:"GET"; http_method; content:"/990_ota.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"59.59.6.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_14; reference:url, urlhaus.abuse.ch/url/2850173/; classtype:trojan-activity;sid:83713273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2846768)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/css/setup.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zenglobalenerji.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_11; reference:url, urlhaus.abuse.ch/url/2846768/; classtype:trojan-activity;sid:83709868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845681)"; flow:established,from_client; content:"GET"; http_method; content:"/app/filesrc/android/apk/2023/zonghengxsandroid_7.5.6.63_zh-zhh5.apk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"static.zongheng.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845681/; classtype:trojan-activity;sid:83708781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843557)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/is2kceh3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843557/; classtype:trojan-activity;sid:83706657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843076)"; flow:established,from_client; content:"GET"; http_method; content:"/seagate.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843076/; classtype:trojan-activity;sid:83706176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.120.38.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842671/; classtype:trojan-activity;sid:83705771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.16.100.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842657/; classtype:trojan-activity;sid:83705757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.120.38.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842420/; classtype:trojan-activity;sid:83705520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.16.100.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842412/; classtype:trojan-activity;sid:83705512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.35.49.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842402/; classtype:trojan-activity;sid:83705502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842062/; classtype:trojan-activity;sid:83705162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842029)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842029/; classtype:trojan-activity;sid:83705129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842033)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842033/; classtype:trojan-activity;sid:83705133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842018/; classtype:trojan-activity;sid:83705118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841990)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.231.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841990/; classtype:trojan-activity;sid:83705090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841998)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.247.13.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841998/; classtype:trojan-activity;sid:83705098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841999)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841999/; classtype:trojan-activity;sid:83705099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.170.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841983/; classtype:trojan-activity;sid:83705083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841953/; classtype:trojan-activity;sid:83705053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841954/; classtype:trojan-activity;sid:83705054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.14.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841942/; classtype:trojan-activity;sid:83705042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841932/; classtype:trojan-activity;sid:83705032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.37.170.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841721/; classtype:trojan-activity;sid:83704821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.247.13.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841715/; classtype:trojan-activity;sid:83704815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.34.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841683/; classtype:trojan-activity;sid:83704783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.80.77.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841656/; classtype:trojan-activity;sid:83704756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.236.247.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841650/; classtype:trojan-activity;sid:83704750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841644/; classtype:trojan-activity;sid:83704744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841624/; classtype:trojan-activity;sid:83704724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.83.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841614/; classtype:trojan-activity;sid:83704714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.192.22.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841604/; classtype:trojan-activity;sid:83704704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.209.184.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841608/; classtype:trojan-activity;sid:83704708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841609/; classtype:trojan-activity;sid:83704709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.231.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841603/; classtype:trojan-activity;sid:83704703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.45.241.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841591/; classtype:trojan-activity;sid:83704691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841586/; classtype:trojan-activity;sid:83704686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841570/; classtype:trojan-activity;sid:83704670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837354)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.83.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837354/; classtype:trojan-activity;sid:83700454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834459)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.76.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834459/; classtype:trojan-activity;sid:83697559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"yahyacarpet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827204/; classtype:trojan-activity;sid:83690304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827195)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827195/; classtype:trojan-activity;sid:83690295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827181)"; flow:established,from_client; content:"GET"; http_method; content:"/projects/visioncrystal/wp-content/plugins/user-private-files/shared/"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"www.websitedesigningindia.biz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827181/; classtype:trojan-activity;sid:83690281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822894)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822894/; classtype:trojan-activity;sid:83685994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822895/; classtype:trojan-activity;sid:83685995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822865)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822865/; classtype:trojan-activity;sid:83685965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822872)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.101.226.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822872/; classtype:trojan-activity;sid:83685972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822824/; classtype:trojan-activity;sid:83685924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822829)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.87.236.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822829/; classtype:trojan-activity;sid:83685929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822809)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822809/; classtype:trojan-activity;sid:83685909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822778/; classtype:trojan-activity;sid:83685878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822781/; classtype:trojan-activity;sid:83685881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822774/; classtype:trojan-activity;sid:83685874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822718/; classtype:trojan-activity;sid:83685818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822694)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822694/; classtype:trojan-activity;sid:83685794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822661)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.55.247.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822661/; classtype:trojan-activity;sid:83685761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822634/; classtype:trojan-activity;sid:83685734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822606)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822606/; classtype:trojan-activity;sid:83685706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822608)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822608/; classtype:trojan-activity;sid:83685708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822615)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.20.254.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822615/; classtype:trojan-activity;sid:83685715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822596)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822596/; classtype:trojan-activity;sid:83685696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822575)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822575/; classtype:trojan-activity;sid:83685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822571)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822571/; classtype:trojan-activity;sid:83685671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822574)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822574/; classtype:trojan-activity;sid:83685674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822538)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822538/; classtype:trojan-activity;sid:83685638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822532)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822532/; classtype:trojan-activity;sid:83685632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822498)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822498/; classtype:trojan-activity;sid:83685598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822467)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822467/; classtype:trojan-activity;sid:83685567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822457)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.28.86.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822457/; classtype:trojan-activity;sid:83685557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822452)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.219.187.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822452/; classtype:trojan-activity;sid:83685552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822426/; classtype:trojan-activity;sid:83685526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822411)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822411/; classtype:trojan-activity;sid:83685511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822400)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.160.75.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822400/; classtype:trojan-activity;sid:83685500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822383)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822383/; classtype:trojan-activity;sid:83685483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822373)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.97.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822373/; classtype:trojan-activity;sid:83685473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822357/; classtype:trojan-activity;sid:83685457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822337/; classtype:trojan-activity;sid:83685437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822331)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"131.108.39.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822331/; classtype:trojan-activity;sid:83685431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822334)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822334/; classtype:trojan-activity;sid:83685434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822316/; classtype:trojan-activity;sid:83685416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822303/; classtype:trojan-activity;sid:83685403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822292)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.101.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822292/; classtype:trojan-activity;sid:83685392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822281)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822281/; classtype:trojan-activity;sid:83685381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822270)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822270/; classtype:trojan-activity;sid:83685370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.97.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822239/; classtype:trojan-activity;sid:83685339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822244/; classtype:trojan-activity;sid:83685344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822227/; classtype:trojan-activity;sid:83685327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822228)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822228/; classtype:trojan-activity;sid:83685328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822218)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.214.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822218/; classtype:trojan-activity;sid:83685318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822215)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.237.112.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822215/; classtype:trojan-activity;sid:83685315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822204/; classtype:trojan-activity;sid:83685304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822199)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822199/; classtype:trojan-activity;sid:83685299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822186/; classtype:trojan-activity;sid:83685286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822163)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.250.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822163/; classtype:trojan-activity;sid:83685263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822170)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822170/; classtype:trojan-activity;sid:83685270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822098/; classtype:trojan-activity;sid:83685198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822094)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822094/; classtype:trojan-activity;sid:83685194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822088)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822088/; classtype:trojan-activity;sid:83685188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822091)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822091/; classtype:trojan-activity;sid:83685191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822070)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822070/; classtype:trojan-activity;sid:83685170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822050)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.18.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822050/; classtype:trojan-activity;sid:83685150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822017)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822017/; classtype:trojan-activity;sid:83685117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822003/; classtype:trojan-activity;sid:83685103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821983/; classtype:trojan-activity;sid:83685083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"183.108.106.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821974/; classtype:trojan-activity;sid:83685074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821967)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821967/; classtype:trojan-activity;sid:83685067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821941/; classtype:trojan-activity;sid:83685041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821863/; classtype:trojan-activity;sid:83684963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.155.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821838/; classtype:trojan-activity;sid:83684938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821726/; classtype:trojan-activity;sid:83684826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.10.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821718/; classtype:trojan-activity;sid:83684818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821683/; classtype:trojan-activity;sid:83684783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821688/; classtype:trojan-activity;sid:83684788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.28.86.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821652/; classtype:trojan-activity;sid:83684752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.20.254.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821650/; classtype:trojan-activity;sid:83684750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.207.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821622/; classtype:trojan-activity;sid:83684722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.33.204.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821612/; classtype:trojan-activity;sid:83684712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.68.95.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821599/; classtype:trojan-activity;sid:83684699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821583/; classtype:trojan-activity;sid:83684683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820623)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/esa0xclp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820623/; classtype:trojan-activity;sid:83683723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818981/; classtype:trojan-activity;sid:83682081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818977/; classtype:trojan-activity;sid:83682077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818959/; classtype:trojan-activity;sid:83682059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.49.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818914/; classtype:trojan-activity;sid:83682014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818888/; classtype:trojan-activity;sid:83681988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818867/; classtype:trojan-activity;sid:83681967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818868/; classtype:trojan-activity;sid:83681968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818861/; classtype:trojan-activity;sid:83681961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.12.76.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818863/; classtype:trojan-activity;sid:83681963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.28.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818864/; classtype:trojan-activity;sid:83681964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818845/; classtype:trojan-activity;sid:83681945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818833/; classtype:trojan-activity;sid:83681933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818837/; classtype:trojan-activity;sid:83681937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.55.247.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818841/; classtype:trojan-activity;sid:83681941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.227.22.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818803/; classtype:trojan-activity;sid:83681903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818781/; classtype:trojan-activity;sid:83681881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818773/; classtype:trojan-activity;sid:83681873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818763/; classtype:trojan-activity;sid:83681863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818223/; classtype:trojan-activity;sid:83681323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814157)"; flow:established,from_client; content:"GET"; http_method; content:"/exploits/full-nelson.c"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vulnfactory.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814157/; classtype:trojan-activity;sid:83677257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.73.75.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814101/; classtype:trojan-activity;sid:83677201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.126.186.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814105/; classtype:trojan-activity;sid:83677205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"131.108.39.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814096/; classtype:trojan-activity;sid:83677196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.72.199.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813791/; classtype:trojan-activity;sid:83676891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813143/; classtype:trojan-activity;sid:83676243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813125/; classtype:trojan-activity;sid:83676225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.219.187.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813110/; classtype:trojan-activity;sid:83676210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813106/; classtype:trojan-activity;sid:83676206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813092/; classtype:trojan-activity;sid:83676192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813068/; classtype:trojan-activity;sid:83676168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813069/; classtype:trojan-activity;sid:83676169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.101.226.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813026/; classtype:trojan-activity;sid:83676126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.105.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809231/; classtype:trojan-activity;sid:83672331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.221.36.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809229/; classtype:trojan-activity;sid:83672329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809223/; classtype:trojan-activity;sid:83672323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.160.75.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809212/; classtype:trojan-activity;sid:83672312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.95.186.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809199/; classtype:trojan-activity;sid:83672299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809171/; classtype:trojan-activity;sid:83672271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.5.6.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809145/; classtype:trojan-activity;sid:83672245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.193.97.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809122/; classtype:trojan-activity;sid:83672222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.87.236.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809102/; classtype:trojan-activity;sid:83672202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.155.192.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809106/; classtype:trojan-activity;sid:83672206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809099/; classtype:trojan-activity;sid:83672199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809006/; classtype:trojan-activity;sid:83672106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808944/; classtype:trojan-activity;sid:83672044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.108.106.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808938/; classtype:trojan-activity;sid:83672038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.97.190.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808903/; classtype:trojan-activity;sid:83672003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808883/; classtype:trojan-activity;sid:83671983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.61.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808876/; classtype:trojan-activity;sid:83671976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.21.120.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808871/; classtype:trojan-activity;sid:83671971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808855/; classtype:trojan-activity;sid:83671955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.214.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808839/; classtype:trojan-activity;sid:83671939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808822/; classtype:trojan-activity;sid:83671922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.157.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808758/; classtype:trojan-activity;sid:83671858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808742/; classtype:trojan-activity;sid:83671842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.214.241.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808734/; classtype:trojan-activity;sid:83671834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.114.97.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808740/; classtype:trojan-activity;sid:83671840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808713/; classtype:trojan-activity;sid:83671813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.179.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808715/; classtype:trojan-activity;sid:83671815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.176.137.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808630/; classtype:trojan-activity;sid:83671730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808625/; classtype:trojan-activity;sid:83671725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.218.139.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808622/; classtype:trojan-activity;sid:83671722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.237.112.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808595/; classtype:trojan-activity;sid:83671695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808575/; classtype:trojan-activity;sid:83671675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.73.242.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808563/; classtype:trojan-activity;sid:83671663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808535/; classtype:trojan-activity;sid:83671635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808518/; classtype:trojan-activity;sid:83671618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.18.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808508/; classtype:trojan-activity;sid:83671608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808470/; classtype:trojan-activity;sid:83671570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808462/; classtype:trojan-activity;sid:83671562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808420/; classtype:trojan-activity;sid:83671520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.187.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808399/; classtype:trojan-activity;sid:83671499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808300)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808274)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808274/; classtype:trojan-activity;sid:83671374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808275)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808275/; classtype:trojan-activity;sid:83671375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808267)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808267/; classtype:trojan-activity;sid:83671367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808232)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808232/; classtype:trojan-activity;sid:83671332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808235)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808235/; classtype:trojan-activity;sid:83671335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808225)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808225/; classtype:trojan-activity;sid:83671325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808222/; classtype:trojan-activity;sid:83671322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.123.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808161/; classtype:trojan-activity;sid:83671261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dkj56fnkcbsf3inlqszzm7vpvq3dmdl5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799350/; classtype:trojan-activity;sid:83662450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798325)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798325/; classtype:trojan-activity;sid:83661425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798324)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798324/; classtype:trojan-activity;sid:83661424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795045)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"metrics.gocloudmaps.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795045/; classtype:trojan-activity;sid:83658145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789249)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aygcpsnow8esde5bkkuaj0bygkowvttd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789249/; classtype:trojan-activity;sid:83652349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787399)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1stvkjdfiwxw79oezmc62wzmjjaeftyze"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787399/; classtype:trojan-activity;sid:83650499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.113.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780273)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ge6chcvywbep4kgx_odpxtvfi3vj-zwy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780273/; classtype:trojan-activity;sid:83643373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776130)"; flow:established,from_client; content:"GET"; http_method; content:"//pcs/click|3f|adurl=//bamautzky.de/red.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776130/; classtype:trojan-activity;sid:83639230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765616)"; flow:established,from_client; content:"GET"; http_method; content:"/css/down.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"computersupportexperts.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765616/; classtype:trojan-activity;sid:83628716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765602)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f||7c|26|7c|adurl=https://patricstoremegans2.com/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765602/; classtype:trojan-activity;sid:83628702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2761815)"; flow:established,from_client; content:"GET"; http_method; content:"/dt9.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"delp-heizungsbau.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_02_15; reference:url, urlhaus.abuse.ch/url/2761815/; classtype:trojan-activity;sid:83624915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2753677)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//projetodegente.com"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_30; reference:url, urlhaus.abuse.ch/url/2753677/; classtype:trojan-activity;sid:83616777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751573)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//higreens.co.in"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751573/; classtype:trojan-activity;sid:83614673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751543)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//kavyasourcing.com/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751543/; classtype:trojan-activity;sid:83614643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751237)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://cliffg.me"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751237/; classtype:trojan-activity;sid:83614337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751171)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://streammobs.com/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751171/; classtype:trojan-activity;sid:83614271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749355)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://redeamazoniaazul.org/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749355/; classtype:trojan-activity;sid:83612455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749356)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.jd-forever.com/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749356/; classtype:trojan-activity;sid:83612456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749357)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//old.umcl.us/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749357/; classtype:trojan-activity;sid:83612457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749182)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://wegrowcoaching.com/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749182/; classtype:trojan-activity;sid:83612282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749177)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://dongyu.us/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749177/; classtype:trojan-activity;sid:83612277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv5qahzp_toxgct3ezfvvy4q3a5vvh6s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748349/; classtype:trojan-activity;sid:83611449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747896)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//vaibhavtripathi.in"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747896/; classtype:trojan-activity;sid:83610996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747890)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//procuratio.nu/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747890/; classtype:trojan-activity;sid:83610990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747433)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zpmmtvzq"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747433/; classtype:trojan-activity;sid:83610533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746751)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/avmezmcr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_05; reference:url, urlhaus.abuse.ch/url/2746751/; classtype:trojan-activity;sid:83609851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746285)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v7jxrycp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746285/; classtype:trojan-activity;sid:83609385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2745294)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fvia.id.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_30; reference:url, urlhaus.abuse.ch/url/2745294/; classtype:trojan-activity;sid:83608394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742817)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://synergyconsulting.us"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742817/; classtype:trojan-activity;sid:83605917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742524)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.deltabehavioralhealth.org/"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742524/; classtype:trojan-activity;sid:83605624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.5.6.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_08; reference:url, urlhaus.abuse.ch/url/2738928/; classtype:trojan-activity;sid:83602028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738603)"; flow:established,from_client; content:"GET"; http_method; content:"/autorun.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.209.176.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_07; reference:url, urlhaus.abuse.ch/url/2738603/; classtype:trojan-activity;sid:83601703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733212)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//churchinmanila.org/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_20; reference:url, urlhaus.abuse.ch/url/2733212/; classtype:trojan-activity;sid:83596312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731428)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"muzzumilruheel.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_11_17; reference:url, urlhaus.abuse.ch/url/2731428/; classtype:trojan-activity;sid:83594528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731061)"; flow:established,from_client; content:"GET"; http_method; content:"/centro/index.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"spst.hqup.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_15; reference:url, urlhaus.abuse.ch/url/2731061/; classtype:trojan-activity;sid:83594161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729736)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://posicionamientonatural.es/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729736/; classtype:trojan-activity;sid:83592836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729405)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://namaacont.com/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729405/; classtype:trojan-activity;sid:83592505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728799)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wfwtp8qn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_07; reference:url, urlhaus.abuse.ch/url/2728799/; classtype:trojan-activity;sid:83591899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727395)"; flow:established,from_client; content:"GET"; http_method; content:"/frankcastle2/0/main/0j"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_03; reference:url, urlhaus.abuse.ch/url/2727395/; classtype:trojan-activity;sid:83590495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722703)"; flow:established,from_client; content:"GET"; http_method; content:"/image.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ircftp.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722703/; classtype:trojan-activity;sid:83585803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.152.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_16; reference:url, urlhaus.abuse.ch/url/2720935/; classtype:trojan-activity;sid:83584035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715902)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.168.123.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_02; reference:url, urlhaus.abuse.ch/url/2715902/; classtype:trojan-activity;sid:83579002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714668)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714668/; classtype:trojan-activity;sid:83577768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713056)"; flow:established,from_client; content:"GET"; http_method; content:"/rter/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tanscarattorneys.co.tz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713056/; classtype:trojan-activity;sid:83576156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708874)"; flow:established,from_client; content:"GET"; http_method; content:"/readme.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"svirtual.sanviatorperu.edu.pe"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_01; reference:url, urlhaus.abuse.ch/url/2708874/; classtype:trojan-activity;sid:83571974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.94.9.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_21; reference:url, urlhaus.abuse.ch/url/2705989/; classtype:trojan-activity;sid:83569089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2702776)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scler.ttf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"scainseto.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_08; reference:url, urlhaus.abuse.ch/url/2702776/; classtype:trojan-activity;sid:83565876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2701777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tm63vbgu"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_07; reference:url, urlhaus.abuse.ch/url/2701777/; classtype:trojan-activity;sid:83564877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2694556)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/plain-sunset-8e5d78/original/js.jpeg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2694556/; classtype:trojan-activity;sid:83557656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692699)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original/rump_img.jpeg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_30; reference:url, urlhaus.abuse.ch/url/2692699/; classtype:trojan-activity;sid:83555799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2690396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_26; reference:url, urlhaus.abuse.ch/url/2690396/; classtype:trojan-activity;sid:83553496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687872)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"resourceedge.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687872/; classtype:trojan-activity;sid:83550972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2686558)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jc80ycae"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_20; reference:url, urlhaus.abuse.ch/url/2686558/; classtype:trojan-activity;sid:83549658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676029)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rr3hywgc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_03; reference:url, urlhaus.abuse.ch/url/2676029/; classtype:trojan-activity;sid:83539129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2649103)"; flow:established,from_client; content:"GET"; http_method; content:"/etsdn/d715"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"151.236.9.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_01; reference:url, urlhaus.abuse.ch/url/2649103/; classtype:trojan-activity;sid:83512203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632434)"; flow:established,from_client; content:"GET"; http_method; content:"/xqqsou.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632434/; classtype:trojan-activity;sid:83495534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632435)"; flow:established,from_client; content:"GET"; http_method; content:"/jshggkofqk.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632435/; classtype:trojan-activity;sid:83495535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628190)"; flow:established,from_client; content:"GET"; http_method; content:"/neicpac.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628190/; classtype:trojan-activity;sid:83491290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628180)"; flow:established,from_client; content:"GET"; http_method; content:"/jtnhsefe.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628180/; classtype:trojan-activity;sid:83491280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628183)"; flow:established,from_client; content:"GET"; http_method; content:"/btwvkpvlg.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628183/; classtype:trojan-activity;sid:83491283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628184)"; flow:established,from_client; content:"GET"; http_method; content:"/pepbg.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628184/; classtype:trojan-activity;sid:83491284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2628185)"; flow:established,from_client; content:"GET"; http_method; content:"/gkxcfiyk.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.67.107.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_05_10; reference:url, urlhaus.abuse.ch/url/2628185/; classtype:trojan-activity;sid:83491285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2622777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1a5fq2ek"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_05_02; reference:url, urlhaus.abuse.ch/url/2622777/; classtype:trojan-activity;sid:83485877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617048)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617048/; classtype:trojan-activity;sid:83480148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617044)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617044/; classtype:trojan-activity;sid:83480144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617045)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617045/; classtype:trojan-activity;sid:83480145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617046)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617046/; classtype:trojan-activity;sid:83480146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617047)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617047/; classtype:trojan-activity;sid:83480147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617042)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617042/; classtype:trojan-activity;sid:83480142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617043)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617043/; classtype:trojan-activity;sid:83480143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615396/; classtype:trojan-activity;sid:83478496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615310)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615310/; classtype:trojan-activity;sid:83478410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615289/; classtype:trojan-activity;sid:83478389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.124.228.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615265/; classtype:trojan-activity;sid:83478365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.33.204.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615264/; classtype:trojan-activity;sid:83478364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615251)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.121.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615251/; classtype:trojan-activity;sid:83478351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2602547)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mdpqv8gx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_08; reference:url, urlhaus.abuse.ch/url/2602547/; classtype:trojan-activity;sid:83465647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2587598)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtx57kpr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_27; reference:url, urlhaus.abuse.ch/url/2587598/; classtype:trojan-activity;sid:83450698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2582576)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.144.173.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_23; reference:url, urlhaus.abuse.ch/url/2582576/; classtype:trojan-activity;sid:83445676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2579753)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fu3d5tvi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_21; reference:url, urlhaus.abuse.ch/url/2579753/; classtype:trojan-activity;sid:83442853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573934)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4jusqzvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573934/; classtype:trojan-activity;sid:83437034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573741)"; flow:established,from_client; content:"GET"; http_method; content:"/rid/rid.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jawaratekno.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573741/; classtype:trojan-activity;sid:83436841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573727)"; flow:established,from_client; content:"GET"; http_method; content:"/sb/sb.js"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"afrihealthexpo.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573727/; classtype:trojan-activity;sid:83436827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572744)"; flow:established,from_client; content:"GET"; http_method; content:"/ieu/ieu.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tsmau.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572744/; classtype:trojan-activity;sid:83435844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572552)"; flow:established,from_client; content:"GET"; http_method; content:"/ae/ae.js"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sundor.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572552/; classtype:trojan-activity;sid:83435652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572483)"; flow:established,from_client; content:"GET"; http_method; content:"/oovn/oovn.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"accesstelematics.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572483/; classtype:trojan-activity;sid:83435583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571484)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571484/; classtype:trojan-activity;sid:83434584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571457)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571457/; classtype:trojan-activity;sid:83434557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571417)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571417/; classtype:trojan-activity;sid:83434517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571398)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571398/; classtype:trojan-activity;sid:83434498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571387)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571387/; classtype:trojan-activity;sid:83434487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571356)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571356/; classtype:trojan-activity;sid:83434456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571323)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571323/; classtype:trojan-activity;sid:83434423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571282)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571282/; classtype:trojan-activity;sid:83434382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571162)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571162/; classtype:trojan-activity;sid:83434262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571156)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571156/; classtype:trojan-activity;sid:83434256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571158)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571158/; classtype:trojan-activity;sid:83434258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571152)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571152/; classtype:trojan-activity;sid:83434252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571135)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571135/; classtype:trojan-activity;sid:83434235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571043)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571043/; classtype:trojan-activity;sid:83434143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571034)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571034/; classtype:trojan-activity;sid:83434134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570844)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"derekludlow.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570844/; classtype:trojan-activity;sid:83433944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570812)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bracell.latitude.net.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570812/; classtype:trojan-activity;sid:83433912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570732)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570732/; classtype:trojan-activity;sid:83433832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570688)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570688/; classtype:trojan-activity;sid:83433788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570642)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570642/; classtype:trojan-activity;sid:83433742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570563)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"embedone.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570563/; classtype:trojan-activity;sid:83433663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570545)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"derekludlow.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570545/; classtype:trojan-activity;sid:83433645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570515)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.institut-corps-a-ligne.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570515/; classtype:trojan-activity;sid:83433615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570501)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570501/; classtype:trojan-activity;sid:83433601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570474)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570474/; classtype:trojan-activity;sid:83433574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570386)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"derekludlow.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570386/; classtype:trojan-activity;sid:83433486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568880)"; flow:established,from_client; content:"GET"; http_method; content:"/daee/daee.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cloudzsoft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568880/; classtype:trojan-activity;sid:83431980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568810)"; flow:established,from_client; content:"GET"; http_method; content:"/setu/setu.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"byoug.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568810/; classtype:trojan-activity;sid:83431910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2561396)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"trungtambaohanhmaylanh.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_03_07; reference:url, urlhaus.abuse.ch/url/2561396/; classtype:trojan-activity;sid:83424496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2555339)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rn8tlx2e"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2555339/; classtype:trojan-activity;sid:83418439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2538213)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/images/gallery/credit%20alert.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"anapa-zarya.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_12; reference:url, urlhaus.abuse.ch/url/2538213/; classtype:trojan-activity;sid:83401313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2533240)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bztvxkzb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2533240/; classtype:trojan-activity;sid:83396340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2532808)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/index.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"gabyagozetim.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2532808/; classtype:trojan-activity;sid:83395908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2510643)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bn6ktvyl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_17; reference:url, urlhaus.abuse.ch/url/2510643/; classtype:trojan-activity;sid:83373743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2502405)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tgp9td9z"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_09; reference:url, urlhaus.abuse.ch/url/2502405/; classtype:trojan-activity;sid:83365505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2410141)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.38.184.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_14; reference:url, urlhaus.abuse.ch/url/2410141/; classtype:trojan-activity;sid:83273241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406761)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/wpoxoxqe2in4fju/doc7november00065.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406761/; classtype:trojan-activity;sid:83269861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403614)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uuja3km9"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403614/; classtype:trojan-activity;sid:83266714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2400757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_04; reference:url, urlhaus.abuse.ch/url/2400757/; classtype:trojan-activity;sid:83263857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2399181)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nrhtc20u"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_03; reference:url, urlhaus.abuse.ch/url/2399181/; classtype:trojan-activity;sid:83262281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2393391)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/block-supports/5.png"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"fullstacknir.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_01; reference:url, urlhaus.abuse.ch/url/2393391/; classtype:trojan-activity;sid:83256491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2388056)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5nyvlbz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_27; reference:url, urlhaus.abuse.ch/url/2388056/; classtype:trojan-activity;sid:83251156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2376908)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hf1kfswr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_18; reference:url, urlhaus.abuse.ch/url/2376908/; classtype:trojan-activity;sid:83240008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2350870)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/vfrixuukosr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_05; reference:url, urlhaus.abuse.ch/url/2350870/; classtype:trojan-activity;sid:83213970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2350871)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/frqolwwzjar"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_05; reference:url, urlhaus.abuse.ch/url/2350871/; classtype:trojan-activity;sid:83213971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2346004)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/zjqvxfqziug"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_03; reference:url, urlhaus.abuse.ch/url/2346004/; classtype:trojan-activity;sid:83209104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344776)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/jvtabqibosa"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344776/; classtype:trojan-activity;sid:83207876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344769)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/kuueqefqqhz"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344769/; classtype:trojan-activity;sid:83207869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344770)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/nzifvmlonlj"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344770/; classtype:trojan-activity;sid:83207870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344771)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/hsrdqwkmzlr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344771/; classtype:trojan-activity;sid:83207871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344772)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/udndlytpwdl"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344772/; classtype:trojan-activity;sid:83207872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344773)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/irvwgjjfsyc"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344773/; classtype:trojan-activity;sid:83207873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344774)"; flow:established,from_client; content:"GET"; http_method; content:"/doc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/zjqyppwjmbp"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344774/; classtype:trojan-activity;sid:83207874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2344775)"; flow:established,from_client; content:"GET"; http_method; content:"/image2021042gfreds12322erdq1doc03027382doc20220513prelidoc20220513hgy37845657488494338293trdfednarc0559doc0302732112202135jihg25485/ztjemchbyhr"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"ramactools.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_10_01; reference:url, urlhaus.abuse.ch/url/2344775/; classtype:trojan-activity;sid:83207875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314671)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8v775ivv"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314671/; classtype:trojan-activity;sid:83177771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2302899)"; flow:established,from_client; content:"GET"; http_method; content:"/janchuk/voidrat/raw/master/voidrat.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_14; reference:url, urlhaus.abuse.ch/url/2302899/; classtype:trojan-activity;sid:83165999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301947/; classtype:trojan-activity;sid:83165047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301795)"; flow:established,from_client; content:"GET"; http_method; content:"/buding.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.98.224.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301795/; classtype:trojan-activity;sid:83164895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2300014)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gxkzk3ds"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_12; reference:url, urlhaus.abuse.ch/url/2300014/; classtype:trojan-activity;sid:83163114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2290030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_02; reference:url, urlhaus.abuse.ch/url/2290030/; classtype:trojan-activity;sid:83153130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2283630)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.200.208.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_29; reference:url, urlhaus.abuse.ch/url/2283630/; classtype:trojan-activity;sid:83146730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276646)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ujztrvsh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276646/; classtype:trojan-activity;sid:83139746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276438)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/t53jemit"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276438/; classtype:trojan-activity;sid:83139538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276221)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jstt4bu3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_23; reference:url, urlhaus.abuse.ch/url/2276221/; classtype:trojan-activity;sid:83139321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273642)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8i00aqhy9h.appspot.com/w/3cfyb8wwk0rbazs.html|3f|w=923512558645741636"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273642/; classtype:trojan-activity;sid:83136742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273644)"; flow:established,from_client; content:"GET"; http_method; content:"/zu084vpj5pi3.appspot.com/w/5wztrvywkg1nfh3.html|3f|0=26927131496308317"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273644/; classtype:trojan-activity;sid:83136744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273641)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8i00aqhy9h.appspot.com/w/3cfyb8wwk0rbazs.html|3f|b=078869956064707140"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273641/; classtype:trojan-activity;sid:83136741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273631)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9i5j0gyv05.appspot.com/w/3hiwrrbg7kfgwix.html|3f|b=034842339434253164"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273631/; classtype:trojan-activity;sid:83136731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273635)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/frv9esc9c6itwcf.html|3f|0=338008105729275687"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273635/; classtype:trojan-activity;sid:83136735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273638)"; flow:established,from_client; content:"GET"; http_method; content:"/no9h3qe3ulhy.appspot.com/w/ovqlo2cstw8agi4.html|3f|0=949870842437428557"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273638/; classtype:trojan-activity;sid:83136738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273639)"; flow:established,from_client; content:"GET"; http_method; content:"/q08e1nunq6qw.appspot.com/w/iqc3wtjt5nwkwr2.html|3f|a=628281255891256139"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273639/; classtype:trojan-activity;sid:83136739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273616)"; flow:established,from_client; content:"GET"; http_method; content:"/no9h3qe3ulhy.appspot.com/w/61wyeicw653vri9.html|3f|0=639911943761137497"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273616/; classtype:trojan-activity;sid:83136716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273620)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9i5j0gyv05.appspot.com/w/bceqtk5gdz1bi0o.html|3f|w=622601326319247024"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273620/; classtype:trojan-activity;sid:83136720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273622)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/kdjppmswkowyt08.html|3f|a=635327819844459660"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273622/; classtype:trojan-activity;sid:83136722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273624)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/kdjppmswkowyt08.html|3f|0=180530635864101112"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273624/; classtype:trojan-activity;sid:83136724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273625)"; flow:established,from_client; content:"GET"; http_method; content:"/mof722sen9dd.appspot.com/w/7psfpp4zrf4stzt.html|3f|a=516444057951127042"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273625/; classtype:trojan-activity;sid:83136725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273602)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/rgtnon73qqparlt.html|3f|w=400667741549615496"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273602/; classtype:trojan-activity;sid:83136702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273606)"; flow:established,from_client; content:"GET"; http_method; content:"/pf4yttmpbcc1.appspot.com/w/l2vbukjpboaa0rp.html|3f|b=628132126654153176"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273606/; classtype:trojan-activity;sid:83136706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273601)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/pxj4b9pt3neodpl.html|3f|b=105291068911024790"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273601/; classtype:trojan-activity;sid:83136701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273600)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|0=686223453033719951"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273600/; classtype:trojan-activity;sid:83136700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273564)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/pxj4b9pt3neodpl.html|3f|a=798607223158637252"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273564/; classtype:trojan-activity;sid:83136664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273565)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/md9tu4xcfdj0vej.html|3f|w=075279633731175239"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273565/; classtype:trojan-activity;sid:83136665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273566)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/bowky7hf4zoq1yj.html|3f|b=461383376258417948"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273566/; classtype:trojan-activity;sid:83136666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273567)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/anqx16yjifb1cwa.html|3f|0=969703532910206739"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273567/; classtype:trojan-activity;sid:83136667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273569)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/j28wvecoagaougq.html|3f|w=803273432647646489"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273569/; classtype:trojan-activity;sid:83136669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273574)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|a=552325786310453352"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273574/; classtype:trojan-activity;sid:83136674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273575)"; flow:established,from_client; content:"GET"; http_method; content:"/by9sdoqaf4zo.appspot.com/w/faa0zxu52jz0fge.html|3f|0=778301933278021061"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273575/; classtype:trojan-activity;sid:83136675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273579)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/vzuevaq9st1om0u.html|3f|a=414671893653575055"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273579/; classtype:trojan-activity;sid:83136679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273580)"; flow:established,from_client; content:"GET"; http_method; content:"/e899w369ygfh.appspot.com/w/hm8qqu1yh2nhiuw.html|3f|0=850822877794596921"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273580/; classtype:trojan-activity;sid:83136680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273581)"; flow:established,from_client; content:"GET"; http_method; content:"/gewls1oaxiv8.appspot.com/w/k2gvfktvgwo6t7t.html|3f|0=500436606434401193"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273581/; classtype:trojan-activity;sid:83136681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273582)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/2b6lhcmpzq1rcwl.html|3f|0=292730885826958440"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273582/; classtype:trojan-activity;sid:83136682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273583)"; flow:established,from_client; content:"GET"; http_method; content:"/le9t9f8owv3e.appspot.com/w/md9tu4xcfdj0vej.html|3f|b=351877166079332276"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273583/; classtype:trojan-activity;sid:83136683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273586)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/d5bpwq7evn1mfxz.html|3f|b=770321496534593005"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273586/; classtype:trojan-activity;sid:83136686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273588)"; flow:established,from_client; content:"GET"; http_method; content:"/c8qhff44bb7f.appspot.com/w/q5gro00vqf3ltx5.html|3f|a=334407029692307930"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273588/; classtype:trojan-activity;sid:83136688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273592)"; flow:established,from_client; content:"GET"; http_method; content:"/e899w369ygfh.appspot.com/w/c82wdsb4ehjf8rf.html|3f|0=051292546441672376"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273592/; classtype:trojan-activity;sid:83136692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273597)"; flow:established,from_client; content:"GET"; http_method; content:"/k6yho9kvu0tt.appspot.com/w/89vh2kpx4x61qlr.html|3f|w=697802237262829742"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273597/; classtype:trojan-activity;sid:83136697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273598)"; flow:established,from_client; content:"GET"; http_method; content:"/kjl51nnbkg8f.appspot.com/w/5m6qptmj0v66s7q.html|3f|0=327926918056836416"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273598/; classtype:trojan-activity;sid:83136698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273599)"; flow:established,from_client; content:"GET"; http_method; content:"/by9sdoqaf4zo.appspot.com/w/faa0zxu52jz0fge.html|3f|a=494789731176222112"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273599/; classtype:trojan-activity;sid:83136699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273560)"; flow:established,from_client; content:"GET"; http_method; content:"/kjl51nnbkg8f.appspot.com/w/i3hmewo60gwvumx.html|3f|b=841660865822302577"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273560/; classtype:trojan-activity;sid:83136660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2273561)"; flow:established,from_client; content:"GET"; http_method; content:"/c08hrgew4vlk.appspot.com/w/j28wvecoagaougq.html|3f|w=036663603374497270"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"storage.googleapis.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_08_17; reference:url, urlhaus.abuse.ch/url/2273561/; classtype:trojan-activity;sid:83136661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.218.139.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_08_12; reference:url, urlhaus.abuse.ch/url/2271925/; classtype:trojan-activity;sid:83135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258131)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e8kjpbmd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_17; reference:url, urlhaus.abuse.ch/url/2258131/; classtype:trojan-activity;sid:83121231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253550)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ib64cptx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_03; reference:url, urlhaus.abuse.ch/url/2253550/; classtype:trojan-activity;sid:83116650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250908)"; flow:established,from_client; content:"GET"; http_method; content:"/ema_kvcebm137.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mersped.mycpanel.rs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250908/; classtype:trojan-activity;sid:83114008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2241008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ty045yct"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2241008/; classtype:trojan-activity;sid:83104108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2240596)"; flow:established,from_client; content:"GET"; http_method; content:"/js/prototype/form.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.usaayurveda.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2240596/; classtype:trojan-activity;sid:83103696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237175)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/cg100.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237175/; classtype:trojan-activity;sid:83100275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237174)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/benzmonster.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237174/; classtype:trojan-activity;sid:83100274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2171312)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/ozrw36a2y1ch2cluzy/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_29; reference:url, urlhaus.abuse.ch/url/2171312/; classtype:trojan-activity;sid:83034412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2164668)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/uadjw/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_26; reference:url, urlhaus.abuse.ch/url/2164668/; classtype:trojan-activity;sid:83027768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2148323)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5nnq0rbw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_14; reference:url, urlhaus.abuse.ch/url/2148323/; classtype:trojan-activity;sid:83011423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2135884)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/herrldgm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_07; reference:url, urlhaus.abuse.ch/url/2135884/; classtype:trojan-activity;sid:82998984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119354)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119354/; classtype:trojan-activity;sid:82982454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119353)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/|3f|i=1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119353/; classtype:trojan-activity;sid:82982453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114263)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/yjmqxmidki/a/hyehwggs.ps1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trtmyanmar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2114263/; classtype:trojan-activity;sid:82977363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2098517)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znbskzzj"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_03_15; reference:url, urlhaus.abuse.ch/url/2098517/; classtype:trojan-activity;sid:82961617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086600)"; flow:established,from_client; content:"GET"; http_method; content:"/logfiles/u2o/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.25.223.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086600/; classtype:trojan-activity;sid:82949700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2053942)"; flow:established,from_client; content:"GET"; http_method; content:"/zp-user/protected%20client.js"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dreamwatchevent.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2053942/; classtype:trojan-activity;sid:82917042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2044850)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3k52mzsw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_02_16; reference:url, urlhaus.abuse.ch/url/2044850/; classtype:trojan-activity;sid:82907950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2024674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.152.84.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_02; reference:url, urlhaus.abuse.ch/url/2024674/; classtype:trojan-activity;sid:82887774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021785)"; flow:established,from_client; content:"GET"; http_method; content:"/hksweep/vendor/font-awesome/svgs/brands/subtraction.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"rxquickpay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021785/; classtype:trojan-activity;sid:82884885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021799)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/retraction.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021799/; classtype:trojan-activity;sid:82884899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021757)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/highlight.php"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021757/; classtype:trojan-activity;sid:82884857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021704)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/zany.php"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021704/; classtype:trojan-activity;sid:82884804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008178)"; flow:established,from_client; content:"GET"; http_method; content:"/comply.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008178/; classtype:trojan-activity;sid:82871278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008138)"; flow:established,from_client; content:"GET"; http_method; content:"/squalid.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continentalgroup.net.in"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008138/; classtype:trojan-activity;sid:82871238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008130)"; flow:established,from_client; content:"GET"; http_method; content:"/development/public/uploads/images/categories/beirut.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008130/; classtype:trojan-activity;sid:82871230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008131)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forms.saurashtrauniversity.edu"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008131/; classtype:trojan-activity;sid:82871231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2007403)"; flow:established,from_client; content:"GET"; http_method; content:"/b/tu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"izogard.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_26; reference:url, urlhaus.abuse.ch/url/2007403/; classtype:trojan-activity;sid:82870503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2007115)"; flow:established,from_client; content:"GET"; http_method; content:"/nashi-klienty/b5sc/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"izocab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_26; reference:url, urlhaus.abuse.ch/url/2007115/; classtype:trojan-activity;sid:82870215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1986867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp_it22/test_zip2/loader_zip.js"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"5.8.18.7"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2022_01_18; reference:url, urlhaus.abuse.ch/url/1986867/; classtype:trojan-activity;sid:82849967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1917301)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/okxyj/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fulltai.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1917301/; classtype:trojan-activity;sid:82780401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1895334)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyseventeen/s.cmd"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"150.60.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_18; reference:url, urlhaus.abuse.ch/url/1895334/; classtype:trojan-activity;sid:82758434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890257)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/crypta.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reauthenticator.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890257/; classtype:trojan-activity;sid:82753357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888166)"; flow:established,from_client; content:"GET"; http_method; content:"/actionably.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888166/; classtype:trojan-activity;sid:82751266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888149)"; flow:established,from_client; content:"GET"; http_method; content:"/roughness.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888149/; classtype:trojan-activity;sid:82751249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888114)"; flow:established,from_client; content:"GET"; http_method; content:"/redesign.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888114/; classtype:trojan-activity;sid:82751214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888115)"; flow:established,from_client; content:"GET"; http_method; content:"/antienuretic.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888115/; classtype:trojan-activity;sid:82751215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888106)"; flow:established,from_client; content:"GET"; http_method; content:"/fizz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888106/; classtype:trojan-activity;sid:82751206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888086)"; flow:established,from_client; content:"GET"; http_method; content:"/designer.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888086/; classtype:trojan-activity;sid:82751186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888092)"; flow:established,from_client; content:"GET"; http_method; content:"/frustrating.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888092/; classtype:trojan-activity;sid:82751192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888081)"; flow:established,from_client; content:"GET"; http_method; content:"/conditioner.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888081/; classtype:trojan-activity;sid:82751181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888084)"; flow:established,from_client; content:"GET"; http_method; content:"/unexplainable.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888084/; classtype:trojan-activity;sid:82751184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888085)"; flow:established,from_client; content:"GET"; http_method; content:"/whiz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888085/; classtype:trojan-activity;sid:82751185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1861154)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_07; reference:url, urlhaus.abuse.ch/url/1861154/; classtype:trojan-activity;sid:82724254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1840623)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/t7scuzy/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"apple-service93.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1840623/; classtype:trojan-activity;sid:82703723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1809781)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/vendor/joomla/registry/src/format/pinafore.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ukguk71.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_23; reference:url, urlhaus.abuse.ch/url/1809781/; classtype:trojan-activity;sid:82672881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1801469)"; flow:established,from_client; content:"GET"; http_method; content:"/images/sohio.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.41.182.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_19; reference:url, urlhaus.abuse.ch/url/1801469/; classtype:trojan-activity;sid:82664569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1778573)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c91fwnb0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_12; reference:url, urlhaus.abuse.ch/url/1778573/; classtype:trojan-activity;sid:82641673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1751625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ywjkrwem"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_04; reference:url, urlhaus.abuse.ch/url/1751625/; classtype:trojan-activity;sid:82614725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743733)"; flow:established,from_client; content:"GET"; http_method; content:"/zoologies.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743733/; classtype:trojan-activity;sid:82606833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743713)"; flow:established,from_client; content:"GET"; http_method; content:"/whacked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743713/; classtype:trojan-activity;sid:82606813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743660)"; flow:established,from_client; content:"GET"; http_method; content:"/unplug.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743660/; classtype:trojan-activity;sid:82606760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1728024)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/egenyqrk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1728024/; classtype:trojan-activity;sid:82591124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1727038)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nwj3nqw2"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1727038/; classtype:trojan-activity;sid:82590138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720728)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/fucking.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720728/; classtype:trojan-activity;sid:82583828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720508)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/chaperon.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720508/; classtype:trojan-activity;sid:82583608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1704978)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=04a3894062e7d373|7c|26|7c|resid=4a3894062e7d373%21192|7c|26|7c|authkey=ab7i1w77n6tsb3m"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_21; reference:url, urlhaus.abuse.ch/url/1704978/; classtype:trojan-activity;sid:82568078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1698617)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=75ea534baf13442d|7c|26|7c|resid=75ea534baf13442d%21128|7c|26|7c|authkey=akd4vmzywc14zgq|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_20; reference:url, urlhaus.abuse.ch/url/1698617/; classtype:trojan-activity;sid:82561717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1695302)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=07e7986a5bf9243c|7c|26|7c|resid=7e7986a5bf9243c%21490|7c|26|7c|authkey=abhawhbvtpoyc2a"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_19; reference:url, urlhaus.abuse.ch/url/1695302/; classtype:trojan-activity;sid:82558402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1681096)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/htylx0l1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_15; reference:url, urlhaus.abuse.ch/url/1681096/; classtype:trojan-activity;sid:82544196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1678523)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/vltktanthutn.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kimyen.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_14; reference:url, urlhaus.abuse.ch/url/1678523/; classtype:trojan-activity;sid:82541623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1668138)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2a3tx7hd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_11; reference:url, urlhaus.abuse.ch/url/1668138/; classtype:trojan-activity;sid:82531238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1659212)"; flow:established,from_client; content:"GET"; http_method; content:"/images/lifegreen.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.41.182.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_07; reference:url, urlhaus.abuse.ch/url/1659212/; classtype:trojan-activity;sid:82522312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658131)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=539bd593e9568c65|7c|26|7c|resid=539bd593e9568c65%21136|7c|26|7c|authkey=aepr2tr-q36tt8u|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658131/; classtype:trojan-activity;sid:82521231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641492)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/spell.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641492/; classtype:trojan-activity;sid:82504592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641460)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/stored.php"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641460/; classtype:trojan-activity;sid:82504560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1640507)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=2cc133e5e8e9b372|7c|26|7c|resid=2cc133e5e8e9b372%21113|7c|26|7c|authkey=agftuffxlpqkaz8|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1640507/; classtype:trojan-activity;sid:82503607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638740)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xpmlg1s0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638740/; classtype:trojan-activity;sid:82501840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638721)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3pqfze3c"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638721/; classtype:trojan-activity;sid:82501821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609238)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mjzm2uub"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609238/; classtype:trojan-activity;sid:82472338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609225)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fhxehwzr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609225/; classtype:trojan-activity;sid:82472325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582138)"; flow:established,from_client; content:"GET"; http_method; content:"/coon.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582138/; classtype:trojan-activity;sid:82445238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582118)"; flow:established,from_client; content:"GET"; http_method; content:"/manly.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582118/; classtype:trojan-activity;sid:82445218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582106)"; flow:established,from_client; content:"GET"; http_method; content:"/lecher.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582106/; classtype:trojan-activity;sid:82445206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582015)"; flow:established,from_client; content:"GET"; http_method; content:"/strobing.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582015/; classtype:trojan-activity;sid:82445115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1569937)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2fvyxcn8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_08_27; reference:url, urlhaus.abuse.ch/url/1569937/; classtype:trojan-activity;sid:82433037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1531261)"; flow:established,from_client; content:"GET"; http_method; content:"/images/smallruby.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.41.182.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_08_13; reference:url, urlhaus.abuse.ch/url/1531261/; classtype:trojan-activity;sid:82394361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503427)"; flow:established,from_client; content:"GET"; http_method; content:"/teachable.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503427/; classtype:trojan-activity;sid:82366527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503410)"; flow:established,from_client; content:"GET"; http_method; content:"/aggressive.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503410/; classtype:trojan-activity;sid:82366510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503377)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503377/; classtype:trojan-activity;sid:82366477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503368)"; flow:established,from_client; content:"GET"; http_method; content:"/anarchical.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503368/; classtype:trojan-activity;sid:82366468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503361)"; flow:established,from_client; content:"GET"; http_method; content:"/newborn.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503361/; classtype:trojan-activity;sid:82366461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503351)"; flow:established,from_client; content:"GET"; http_method; content:"/ruckus.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503351/; classtype:trojan-activity;sid:82366451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503338)"; flow:established,from_client; content:"GET"; http_method; content:"/unanswerable.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503338/; classtype:trojan-activity;sid:82366438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503341)"; flow:established,from_client; content:"GET"; http_method; content:"/harass.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503341/; classtype:trojan-activity;sid:82366441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1473823)"; flow:established,from_client; content:"GET"; http_method; content:"/sweat.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_22; reference:url, urlhaus.abuse.ch/url/1473823/; classtype:trojan-activity;sid:82336923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1470181)"; flow:established,from_client; content:"GET"; http_method; content:"/power.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.106.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1470181/; classtype:trojan-activity;sid:82333281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1431282)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zn9ibvfw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_06; reference:url, urlhaus.abuse.ch/url/1431282/; classtype:trojan-activity;sid:82294382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1424912)"; flow:established,from_client; content:"GET"; http_method; content:"/servces.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.254.229.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_04; reference:url, urlhaus.abuse.ch/url/1424912/; classtype:trojan-activity;sid:82288012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371786)"; flow:established,from_client; content:"GET"; http_method; content:"/watercress.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371786/; classtype:trojan-activity;sid:82234886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371739)"; flow:established,from_client; content:"GET"; http_method; content:"/lining.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371739/; classtype:trojan-activity;sid:82234839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371719)"; flow:established,from_client; content:"GET"; http_method; content:"/scroungy.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371719/; classtype:trojan-activity;sid:82234819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371685)"; flow:established,from_client; content:"GET"; http_method; content:"/44363.6345685185.dat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"111.90.151.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371685/; classtype:trojan-activity;sid:82234785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369570)"; flow:established,from_client; content:"GET"; http_method; content:"/pinout.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369570/; classtype:trojan-activity;sid:82232670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369536)"; flow:established,from_client; content:"GET"; http_method; content:"/steeplechases.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369536/; classtype:trojan-activity;sid:82232636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369533)"; flow:established,from_client; content:"GET"; http_method; content:"/familial.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369533/; classtype:trojan-activity;sid:82232633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364815)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklight.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364815/; classtype:trojan-activity;sid:82227915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364597)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklightd.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364597/; classtype:trojan-activity;sid:82227697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350653)"; flow:established,from_client; content:"GET"; http_method; content:"/habitual.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350653/; classtype:trojan-activity;sid:82213753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350619)"; flow:established,from_client; content:"GET"; http_method; content:"/ruleless.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350619/; classtype:trojan-activity;sid:82213719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346907)"; flow:established,from_client; content:"GET"; http_method; content:"/toothy.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346907/; classtype:trojan-activity;sid:82210007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346883)"; flow:established,from_client; content:"GET"; http_method; content:"/unpunished.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346883/; classtype:trojan-activity;sid:82209983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346885)"; flow:established,from_client; content:"GET"; http_method; content:"/jordan.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346885/; classtype:trojan-activity;sid:82209985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346871)"; flow:established,from_client; content:"GET"; http_method; content:"/defended.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346871/; classtype:trojan-activity;sid:82209971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314584)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqofspqgo4lhe7xt4ky-gkjbc9rgwzgw9rksc_azpw2gotdlnhx9oxc_rgk1zz9mgxxwqoixey0eajp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314584/; classtype:trojan-activity;sid:82177684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314578)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszvhw0lywviz_dpqozkdip0orjsf7411ucirwqegcgfxwqqb3nqpbn3d7orqqxnatypulra_ssggie/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314578/; classtype:trojan-activity;sid:82177678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314581)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr-asdhfa85lnhp1g6rll18x2htnflvy5zggxzrfveecvbhjiwaes9o9w3dn49od7lplixl3u59icjr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314581/; classtype:trojan-activity;sid:82177681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314569)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqb__8qdiraoo-s_qrzkk8o_8brsuwaeje3ivcd5efhddlux4gw5otilj5ezfenwjzaha-zojj_7srj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314569/; classtype:trojan-activity;sid:82177669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314562)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqha4kutkvbpn1c9r1jolub-v1dyh36itza-2zhojxuluskoxk6iogpy8b8iscqqjskaf3wduc6oykt/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314562/; classtype:trojan-activity;sid:82177662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314563)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqm_l1o1djktv6pcfwixdz1gjaqrg26rpb3n3uqpk0jqvif91b_irdew7mo34hhhoffbjohoztlmdtp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314563/; classtype:trojan-activity;sid:82177663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314556)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrxkt9v4qcom-0wjceb6bexufgpr_vdebkc-kra8h7gutbblset1veguumqxs3npiv4qw-7_1kiy3jm/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314556/; classtype:trojan-activity;sid:82177656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314548)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vspnrqtfaftwpvbd8o61fbvozlhc3z0x8jy4glnji-v80xrxnlemgt89l5imnr_7kxst0gn9ydkjj0q/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314548/; classtype:trojan-activity;sid:82177648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314549)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsftpbjz498ict3ab9-tehopymacl8ygytkgufxpnwlfphfxyyh5jmfj_2llrrddsiu8vypu1ksvp5p/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314549/; classtype:trojan-activity;sid:82177649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314543)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vs1h7txewarzqve-jwxnwcgzibofoz58qrk8kerhmfz8mpippgfjeoijthgmm-tw7lwcipr8acup_ft/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314543/; classtype:trojan-activity;sid:82177643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314544)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr92cz6z4uh71ogqyzgn6vtdc54xoa0iovizmkmogvekyix648nysfipvt4qto6uvtrp9jsatoeuhk3/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314544/; classtype:trojan-activity;sid:82177644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314545)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtuc-a7s7ylxnfwqp8oxz6no5uwdmabudx-6glkwrnzjwqwgdtcpdvwp0x0l03qdarzrzonj_adevlw/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314545/; classtype:trojan-activity;sid:82177645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314534)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqe1vc-nlfenfgigyaugmmg1dq4l0-haikp9qxkacc32ig0xtg6go8lejdoogo0vfeoie4tcyy4_bn4/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314534/; classtype:trojan-activity;sid:82177634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314535)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsrvkllojuhzbqokettk0u2b1whglldp35-o1zgt_jlem2z2odwedj0z9sgtukvikdowcuan-0fj5wn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314535/; classtype:trojan-activity;sid:82177635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314537)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqvbpr6y2jjnkxfpcwt9uv7pqycg6vdoowr-xnakhtl9ns4tk44rpa91em8usoc992uqyrpn6ucy5ep/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314537/; classtype:trojan-activity;sid:82177637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314526)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq8kqm4rsobvbpga8ncnzs-1xulwuezfri9x1ktowpiijctqe1uq0iged6iq7sa5zuhnh56egsebkoj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314526/; classtype:trojan-activity;sid:82177626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287391)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtecbrofm9hcrdmzz8g7ktneypnrpr1s7bvyoit3r8jd7rjanmysk9yyuhvzmdp3dmkd-xss7kpyffa/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287391/; classtype:trojan-activity;sid:82150491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287387)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt544w_wvxhvfskbx2zio7pht-jzhb1nvr7y1qhtxccjopcfxzhm1mottjhjsdudpgs9lfrjcqzoi8n/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287387/; classtype:trojan-activity;sid:82150487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287378)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtcfdv_0srlqbmtfzi6hivmikknsfqd5bubuem-s-mzpzfsva62zyncoy-phkzysuhuddl0yhlyajye/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287378/; classtype:trojan-activity;sid:82150478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287373)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrtnhy8ipm82egefg7zhukj5qwbit31-jlhdsxovff8rcefw2uhpndpuclv_ffrqqdjhxyxympj3ame/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287373/; classtype:trojan-activity;sid:82150473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287333)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt4iy9nlwuov8hsmpykbfkn1fh1ydp7ms8dudg2ldfjgxf8rumdtzgiw7ukoifo3ap-pb7ybzlcdfqi/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287333/; classtype:trojan-activity;sid:82150433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1285698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.114.95.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1285698/; classtype:trojan-activity;sid:82148798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278913)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtyg409rjv4omi3oujyjsc6ajzflluuz37ofzbpjjihmrewoh2ehp2pwbfllgyy_yzqdrldwcaejvd5/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278913/; classtype:trojan-activity;sid:82142013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278910)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr1e4kzyqneoh2tjc5rh_unlfwjdo31gedrveg0wdyrprmm3yfdxjqxdvyy535adzu5p9m4mrvdau9v/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278910/; classtype:trojan-activity;sid:82142010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278905)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrvmutaxfc2ewkvy_l_cewfjwv4md_uadqlv4onmlyc0frnp7jod3ru93sm6y-tmoj0nrvbfylt739z/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278905/; classtype:trojan-activity;sid:82142005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278895)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtpholmraa4dir0lg8z5yhqljwbzp0qkypc3jax6d3l0hs6n23kpm2iqgccjvbvug5th443jjbzs2uv/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278895/; classtype:trojan-activity;sid:82141995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278896)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq6nr-yg49vldzzxliqvpupbajoss2nfxsnsk3khaixmvqydl20mxhttp-qa7mojkwa4osepa76nnbl/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278896/; classtype:trojan-activity;sid:82141996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278899)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqyowyoxata2couqa6uc3gwi59sq5maualr7yfmq6luzvtefqopogncbli8hx6vubkt2b65qerqhzy8/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278899/; classtype:trojan-activity;sid:82141999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278586)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5fxvrf3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278586/; classtype:trojan-activity;sid:82141686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1265916)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_21; reference:url, urlhaus.abuse.ch/url/1265916/; classtype:trojan-activity;sid:82129016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252888)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v1jcezvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252888/; classtype:trojan-activity;sid:82115988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252886)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gz3wxtar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252886/; classtype:trojan-activity;sid:82115986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1230008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jnljbghz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1230008/; classtype:trojan-activity;sid:82093108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/reqfy21x"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223625/; classtype:trojan-activity;sid:82086725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1198558)"; flow:established,from_client; content:"GET"; http_method; content:"/view/59bmj3vj18vh2/drive/storage/a/files/download|3f|id=625899581658508733"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"sites.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1198558/; classtype:trojan-activity;sid:82061658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1182816)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zxejnkdwqezrbgani5vjk2y2nhmpkg0z|7c|26|7c|revid=0b-bo0wgwxcblsui1mehkbhrlu01rwxnyrxzxanbdendmbndnpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1182816/; classtype:trojan-activity;sid:82045916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1143404)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_04_20; reference:url, urlhaus.abuse.ch/url/1143404/; classtype:trojan-activity;sid:82006504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1138786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_04_19; reference:url, urlhaus.abuse.ch/url/1138786/; classtype:trojan-activity;sid:82001886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/nemesy13.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dl.packetstormsecurity.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040535)"; flow:established,from_client; content:"GET"; http_method; content:"/agha25.tar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spaceframe.mobi.space-frame.co.za"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040535/; classtype:trojan-activity;sid:81903635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1010244)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bew39lta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1010244/; classtype:trojan-activity;sid:81873344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (984502)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g7vaue54"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_30; reference:url, urlhaus.abuse.ch/url/984502/; classtype:trojan-activity;sid:81847602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (961009)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/00aujclx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_14; reference:url, urlhaus.abuse.ch/url/961009/; classtype:trojan-activity;sid:81824109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (765703)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/7cfvaaa9jo/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/765703/; classtype:trojan-activity;sid:81628803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (763354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hkhchyzdynzpebzcre0lq3l2ddjizwk4f7/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"xuezha.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/763354/; classtype:trojan-activity;sid:81626454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756747)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/rrrv7ilgm2dzpohaklkhewb8rkju15bmqeewccglap/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756747/; classtype:trojan-activity;sid:81619847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756736)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/4ld2g8w3rrmhtgvvvpeq2orlcqm71yyxveriw5rzitvii3/"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756736/; classtype:trojan-activity;sid:81619836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (733798)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/oct/w9hmkanqe5py4r/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_22; reference:url, urlhaus.abuse.ch/url/733798/; classtype:trojan-activity;sid:81596898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (733429)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/n/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gordon-and-son.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_22; reference:url, urlhaus.abuse.ch/url/733429/; classtype:trojan-activity;sid:81596529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (698460)"; flow:established,from_client; content:"GET"; http_method; content:"/content/inc/laljbjzxrefspp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"gordon-and-son.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_10_15; reference:url, urlhaus.abuse.ch/url/698460/; classtype:trojan-activity;sid:81561560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (613088)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_26; reference:url, urlhaus.abuse.ch/url/613088/; classtype:trojan-activity;sid:81476188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (610777)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/etrac/qqlox3lvjh/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_24; reference:url, urlhaus.abuse.ch/url/610777/; classtype:trojan-activity;sid:81473877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (593578)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/jquery/jquery.js"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"chuguadventures.co.tz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/593578/; classtype:trojan-activity;sid:81456678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (549365)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/549365/; classtype:trojan-activity;sid:81412465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453216)"; flow:established,from_client; content:"GET"; http_method; content:"/enteihacking/mt/master/asycivic.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453216/; classtype:trojan-activity;sid:81316316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453035)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g_x0a_gnyxai5glsipkq1b2mqknanuw8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453035/; classtype:trojan-activity;sid:81316135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452177)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14muad9cmj6mxsd9lrccuo1egxyf5f-ty"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_03; reference:url, urlhaus.abuse.ch/url/452177/; classtype:trojan-activity;sid:81315277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (451466)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yrmkzxf4rmy9utrikbh6rgvsokehbmeo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_02; reference:url, urlhaus.abuse.ch/url/451466/; classtype:trojan-activity;sid:81314566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (447394)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sm7b9902i8v4yitepf6gzomqc84ltloi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_31; reference:url, urlhaus.abuse.ch/url/447394/; classtype:trojan-activity;sid:81310494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (446803)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gavcby-nhlq22ohbgm530exffsrg1aub"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_30; reference:url, urlhaus.abuse.ch/url/446803/; classtype:trojan-activity;sid:81309903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438357)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/maint/documentation/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438357/; classtype:trojan-activity;sid:81301457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438230)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/closed-disk/guarded-space/0870725-raadiviu/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"yongtai.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438230/; classtype:trojan-activity;sid:81301330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436557)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vctie/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"yongtai.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436557/; classtype:trojan-activity;sid:81299657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434311)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434311/; classtype:trojan-activity;sid:81297411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (433042)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/documentation/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/433042/; classtype:trojan-activity;sid:81296142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432722)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432722/; classtype:trojan-activity;sid:81295822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (430532)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cg1-70urc-761/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/430532/; classtype:trojan-activity;sid:81293632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429290)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/overview/sw94b26/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429290/; classtype:trojan-activity;sid:81292390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428089)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/payment/8o4054361916emn7j49of5zb3bgzbw29zx/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"jkshaonv.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428089/; classtype:trojan-activity;sid:81291189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427444)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/invoice/ujn3me8cye/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427444/; classtype:trojan-activity;sid:81290544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426310)"; flow:established,from_client; content:"GET"; http_method; content:"/covid19/statement/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"schenckel.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426310/; classtype:trojan-activity;sid:81289410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (424629)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kdgxnbhp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_05; reference:url, urlhaus.abuse.ch/url/424629/; classtype:trojan-activity;sid:81287729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417815)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znhs8f1m"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417815/; classtype:trojan-activity;sid:81280915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417814)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6xgqcgx8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417814/; classtype:trojan-activity;sid:81280914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (410755)"; flow:established,from_client; content:"GET"; http_method; content:"/d35ha/processhide/master/bins/processhide32.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_10; reference:url, urlhaus.abuse.ch/url/410755/; classtype:trojan-activity;sid:81273855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (398898)"; flow:established,from_client; content:"GET"; http_method; content:"/viewpoint_support.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"support.viewpoint.fr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_06_18; reference:url, urlhaus.abuse.ch/url/398898/; classtype:trojan-activity;sid:81261998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390013)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1am1ztjjhswzwdbvue5tke5mbkwjud0w5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390013/; classtype:trojan-activity;sid:81253113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390009)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hd7ffgig6btbzuy2_2kds_t4u637qxjn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390009/; classtype:trojan-activity;sid:81253109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (374230)"; flow:established,from_client; content:"GET"; http_method; content:"/mmjbbs/673484/nqad_673484_01062020.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"xn--b1afiqif6c.xn--p1ai"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_06_02; reference:url, urlhaus.abuse.ch/url/374230/; classtype:trojan-activity;sid:81237330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (366549)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pyl4hq8sbp5qatm1zz9vmsze1cuy2uzw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_22; reference:url, urlhaus.abuse.ch/url/366549/; classtype:trojan-activity;sid:81229649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (355363)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1osjrfvjdy1vblk4fya98jp5jlnk7rutv|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_01; reference:url, urlhaus.abuse.ch/url/355363/; classtype:trojan-activity;sid:81218463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (351490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nndvq_2_7doyyuqvcvwmory_4lyrplb7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_04_26; reference:url, urlhaus.abuse.ch/url/351490/; classtype:trojan-activity;sid:81214590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (326350)"; flow:established,from_client; content:"GET"; http_method; content:"/builds/offers/12.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_18; reference:url, urlhaus.abuse.ch/url/326350/; classtype:trojan-activity;sid:81189450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318947)"; flow:established,from_client; content:"GET"; http_method; content:"/bero1985/berotinypascal/e34bd4164f4b7c27e7cf667dffd9274d33d6dfbe/bin/btpc.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318947/; classtype:trojan-activity;sid:81182047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314465)"; flow:established,from_client; content:"GET"; http_method; content:"/fta.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314465/; classtype:trojan-activity;sid:81177565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314464)"; flow:established,from_client; content:"GET"; http_method; content:"/documeynt9897.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314464/; classtype:trojan-activity;sid:81177564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314463)"; flow:established,from_client; content:"GET"; http_method; content:"/fvs.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314463/; classtype:trojan-activity;sid:81177563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (303582)"; flow:established,from_client; content:"GET"; http_method; content:"/com1/files/severstal_map.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"111101111.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_01_31; reference:url, urlhaus.abuse.ch/url/303582/; classtype:trojan-activity;sid:81166682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (302960)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/payment/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zapchast-gazkotel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_30; reference:url, urlhaus.abuse.ch/url/302960/; classtype:trojan-activity;sid:81166060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (299048)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/private_resource/interior_mgzeu_1nsltpydj/aqxdrigqe_e4k6usnwxrg/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"www.xyffqh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_01_27; reference:url, urlhaus.abuse.ch/url/299048/; classtype:trojan-activity;sid:81162148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (294238)"; flow:established,from_client; content:"GET"; http_method; content:"/components/personal_609510040_zqauxxvgt1/close_warehouse/2539958864610_y3rb9y/"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"supercleanspb.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_01_21; reference:url, urlhaus.abuse.ch/url/294238/; classtype:trojan-activity;sid:81157338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (288508)"; flow:established,from_client; content:"GET"; http_method; content:"/omlakdj17fkcjfsd/common_module/security_lkveb9o0tx_wd3lhz42yf1slt/tlcs2lwhd3vo_38wyy7/"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"owlcity.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_14; reference:url, urlhaus.abuse.ch/url/288508/; classtype:trojan-activity;sid:81151608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (273603)"; flow:established,from_client; content:"GET"; http_method; content:"/exeim/cippe2020bj/cippe2020en_bj_zhanghao.doc"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.cippe.com.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_12_20; reference:url, urlhaus.abuse.ch/url/273603/; classtype:trojan-activity;sid:81136703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272267)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/closed_08597_xwbav/51578533_ixwt6qqxha0o_space/h7uvgaa_hfeywxam/"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"amuletweb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272267/; classtype:trojan-activity;sid:81135367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272221)"; flow:established,from_client; content:"GET"; http_method; content:"/about/lm/5oj0ss1de/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dezcom.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272221/; classtype:trojan-activity;sid:81135321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267913)"; flow:established,from_client; content:"GET"; http_method; content:"/index_soubory/common_sector/external_area/61551354147_t4d0ky73jjywffgy/"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"oknoplastik.sk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267913/; classtype:trojan-activity;sid:81131013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267838)"; flow:established,from_client; content:"GET"; http_method; content:"/photoblog/lli9c05hrj/2bwx-901909-89178267-5c5xr-qfvwc/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"olingerphoto.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267838/; classtype:trojan-activity;sid:81130938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254738)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723382710/9.915787746614242.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254738/; classtype:trojan-activity;sid:81117838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254737)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723350789/0.25579108623802416.jpg"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254737/; classtype:trojan-activity;sid:81117837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (250781)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cfvi8aejp75ekq0swtl31sx3jti/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.rbcfort.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_01; reference:url, urlhaus.abuse.ch/url/250781/; classtype:trojan-activity;sid:81113881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (247651)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rd62/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.rbcfort.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_22; reference:url, urlhaus.abuse.ch/url/247651/; classtype:trojan-activity;sid:81110751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (244544)"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hx86"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"192.236.154.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_14; reference:url, urlhaus.abuse.ch/url/244544/; classtype:trojan-activity;sid:81107644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240568/; classtype:trojan-activity;sid:81103668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240550/; classtype:trojan-activity;sid:81103650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240123/; classtype:trojan-activity;sid:81103223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240096/; classtype:trojan-activity;sid:81103196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/239981/; classtype:trojan-activity;sid:81103081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238008/; classtype:trojan-activity;sid:81101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (231932)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/poseidon/inc/customizer/functions/index.html"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"smeetspost.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_09_16; reference:url, urlhaus.abuse.ch/url/231932/; classtype:trojan-activity;sid:81095032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (227362)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d418a4b9682b.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_27; reference:url, urlhaus.abuse.ch/url/227362/; classtype:trojan-activity;sid:81090462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (224805)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.7.01/fmt_01.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_15; reference:url, urlhaus.abuse.ch/url/224805/; classtype:trojan-activity;sid:81087905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222972)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5c8b08b37a426.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222972/; classtype:trojan-activity;sid:81086072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222463)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.31/mini_02.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_05; reference:url, urlhaus.abuse.ch/url/222463/; classtype:trojan-activity;sid:81085563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222263)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.konsor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222263/; classtype:trojan-activity;sid:81085363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222259)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"konsor.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222259/; classtype:trojan-activity;sid:81085359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222056)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/news/v1.0.7.31/news_01.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222056/; classtype:trojan-activity;sid:81085156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222054)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.31/mini_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222054/; classtype:trojan-activity;sid:81085154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/mini/v1.0.7.16/mini_04.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222026/; classtype:trojan-activity;sid:81085126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222010)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.7.31/fmt_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222010/; classtype:trojan-activity;sid:81085110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221599)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/news/v1.0.7.16/news_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221599/; classtype:trojan-activity;sid:81084699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221598)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/mini/v1.0.7.31/mini_04.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221598/; classtype:trojan-activity;sid:81084698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221595)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/news2/v1.0.7.31/news2_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221595/; classtype:trojan-activity;sid:81084695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220541)"; flow:established,from_client; content:"GET"; http_method; content:"/25072019_0963.xls"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_07_29; reference:url, urlhaus.abuse.ch/url/220541/; classtype:trojan-activity;sid:81083641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220223)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/news/v1.0.7.01/news_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_07_27; reference:url, urlhaus.abuse.ch/url/220223/; classtype:trojan-activity;sid:81083323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220221)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/mini/v1.0.7.01/mini_01.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_07_27; reference:url, urlhaus.abuse.ch/url/220221/; classtype:trojan-activity;sid:81083321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (219275)"; flow:established,from_client; content:"GET"; http_method; content:"/0996938c001/6e8a2a4f-40ac-464f-9a70-7c67f0a0da19.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"files.constantcontact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_07_24; reference:url, urlhaus.abuse.ch/url/219275/; classtype:trojan-activity;sid:81082375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217608)"; flow:established,from_client; content:"GET"; http_method; content:"/2018/06/201806065969_1243.doc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"data.kaoyany.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217608/; classtype:trojan-activity;sid:81080708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210525)"; flow:established,from_client; content:"GET"; http_method; content:"/20.06.2019_130.22.doc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210525/; classtype:trojan-activity;sid:81073625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (208009)"; flow:established,from_client; content:"GET"; http_method; content:"/domains/updateagent/application%20files/upagent.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"old.bullydog.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_12; reference:url, urlhaus.abuse.ch/url/208009/; classtype:trojan-activity;sid:81071109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (206183)"; flow:established,from_client; content:"GET"; http_method; content:"/~golgo13ex/c964732.xls"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.cc9.ne.jp"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_05; reference:url, urlhaus.abuse.ch/url/206183/; classtype:trojan-activity;sid:81069283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201513)"; flow:established,from_client; content:"GET"; http_method; content:"/wj1bsetup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dl.dzqzd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201513/; classtype:trojan-activity;sid:81064613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201410)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivos/nfe.sfx.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.caravella.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201410/; classtype:trojan-activity;sid:81064510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201067)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivos/nfe.sfx.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"caravella.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201067/; classtype:trojan-activity;sid:81064167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197376)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/g1gc04s1woz64tp6ugkcifwtu7pk0_l0pue-9898692635/"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"itcomsrv.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197376/; classtype:trojan-activity;sid:81060476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195172)"; flow:established,from_client; content:"GET"; http_method; content:"/eypipe/pipefile/adpopup/adpopup_1382523956.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"goto.stnts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_13; reference:url, urlhaus.abuse.ch/url/195172/; classtype:trojan-activity;sid:81058272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (185713)"; flow:established,from_client; content:"GET"; http_method; content:"/qrtb.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xiaoma-10021647.file.myqcloud.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_04_26; reference:url, urlhaus.abuse.ch/url/185713/; classtype:trojan-activity;sid:81048813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (184801)"; flow:established,from_client; content:"GET"; http_method; content:"/tqpjo/scan/uftruaemi2h/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"redlk.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_04_25; reference:url, urlhaus.abuse.ch/url/184801/; classtype:trojan-activity;sid:81047901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176091)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/css/msg.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176091/; classtype:trojan-activity;sid:81039191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175833)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/html/com_contact/category/hp.gf"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175833/; classtype:trojan-activity;sid:81038933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173971)"; flow:established,from_client; content:"GET"; http_method; content:"/file/support/trust/en/042019/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"brightworks.cz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_04_09; reference:url, urlhaus.abuse.ch/url/173971/; classtype:trojan-activity;sid:81037071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173425)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ewbnm-h00hvr2ptu3kyyr_yavlsniuf-a0u/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"solutelco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_08; reference:url, urlhaus.abuse.ch/url/173425/; classtype:trojan-activity;sid:81036525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170262)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/3"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170262/; classtype:trojan-activity;sid:81033362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170260)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170260/; classtype:trojan-activity;sid:81033360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (168797)"; flow:established,from_client; content:"GET"; http_method; content:"/images/1754808353/avbq-nqp_gipxnq-ip/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"writerartist.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_29; reference:url, urlhaus.abuse.ch/url/168797/; classtype:trojan-activity;sid:81031897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165554)"; flow:established,from_client; content:"GET"; http_method; content:"/secure.myacc.resourses.com/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165554/; classtype:trojan-activity;sid:81028654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165504)"; flow:established,from_client; content:"GET"; http_method; content:"/i203611254b019514581.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"programandojuntos.us.tempcloudsite.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165504/; classtype:trojan-activity;sid:81028604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (164277)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/new_invoice/1033530/hijmq-jo_uqgwdlyf-8e/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164277/; classtype:trojan-activity;sid:81027377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (162770)"; flow:established,from_client; content:"GET"; http_method; content:"/artluz/produtos/sendincsec/support/sec/en_en/03-2019/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"alarmline.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_20; reference:url, urlhaus.abuse.ch/url/162770/; classtype:trojan-activity;sid:81025870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (161757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomatoleizhutizy/tomatoleizhutizy.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl2.360tpcdn.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_19; reference:url, urlhaus.abuse.ch/url/161757/; classtype:trojan-activity;sid:81024857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (158942)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-03/27/pub/4d8ee54db371e.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p5.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_14; reference:url, urlhaus.abuse.ch/url/158942/; classtype:trojan-activity;sid:81022042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (157610)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/f06bn-kgh24-ncoviajp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_12; reference:url, urlhaus.abuse.ch/url/157610/; classtype:trojan-activity;sid:81020710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (155567)"; flow:established,from_client; content:"GET"; http_method; content:"/rawabijob.hta"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"local-update.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_10; reference:url, urlhaus.abuse.ch/url/155567/; classtype:trojan-activity;sid:81018667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154627)"; flow:established,from_client; content:"GET"; http_method; content:"/za.ebali"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mitreart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154627/; classtype:trojan-activity;sid:81017727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154059)"; flow:established,from_client; content:"GET"; http_method; content:"/mz5qeapm.hta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dl.asis.io"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154059/; classtype:trojan-activity;sid:81017159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (151907)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/kegy9-vkn3d7-vjunj.view/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"adver.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_04; reference:url, urlhaus.abuse.ch/url/151907/; classtype:trojan-activity;sid:81015007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (146376)"; flow:established,from_client; content:"GET"; http_method; content:"/sendincsec/legal/secure/en/022019/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_25; reference:url, urlhaus.abuse.ch/url/146376/; classtype:trojan-activity;sid:81009476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143834)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm_updater.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143834/; classtype:trojan-activity;sid:81006934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143833)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm%5fupdater.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143833/; classtype:trojan-activity;sid:81006933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143301)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/raw/master/win.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143301/; classtype:trojan-activity;sid:81006401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143068)"; flow:established,from_client; content:"GET"; http_method; content:"/copy_receipt/kppte-noyz_tjl-kww/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_22; reference:url, urlhaus.abuse.ch/url/143068/; classtype:trojan-activity;sid:81006168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (142841)"; flow:established,from_client; content:"GET"; http_method; content:"/company/account/open/file/jnpvoliu3gcmmwttlpocikgwpnx/"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"energy63.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_22; reference:url, urlhaus.abuse.ch/url/142841/; classtype:trojan-activity;sid:81005941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (141151)"; flow:established,from_client; content:"GET"; http_method; content:"/secure/business/open/read/6ejw2ylnjos64gujbzyd/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/141151/; classtype:trojan-activity;sid:81004251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140791)"; flow:established,from_client; content:"GET"; http_method; content:"/bv5eh1ierp/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"augsburg-auto.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140791/; classtype:trojan-activity;sid:81003891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140721)"; flow:established,from_client; content:"GET"; http_method; content:"/llc/pymn-4tz_mul-r1/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"energy63.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140721/; classtype:trojan-activity;sid:81003821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140156)"; flow:established,from_client; content:"GET"; http_method; content:"/1465810408079_502.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"static.topxgun.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_19; reference:url, urlhaus.abuse.ch/url/140156/; classtype:trojan-activity;sid:81003256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (124794)"; flow:established,from_client; content:"GET"; http_method; content:"/info/invoice/pbxt-q6sq_xs-1b/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_14; reference:url, urlhaus.abuse.ch/url/124794/; classtype:trojan-activity;sid:80987894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122975)"; flow:established,from_client; content:"GET"; http_method; content:"/data/box.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dusttv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122975/; classtype:trojan-activity;sid:80986075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122898)"; flow:established,from_client; content:"GET"; http_method; content:"/u1yk11gr/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vcpesaas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122898/; classtype:trojan-activity;sid:80985998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122545)"; flow:established,from_client; content:"GET"; http_method; content:"/sec.accounts.send.com/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"grikom.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_02_12; reference:url, urlhaus.abuse.ch/url/122545/; classtype:trojan-activity;sid:80985645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121258)"; flow:established,from_client; content:"GET"; http_method; content:"/28758658/2018/04/28/c4284a2a6c1b60247944a03cbaf930c5.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"cdn.file6.goodid.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_02_11; reference:url, urlhaus.abuse.ch/url/121258/; classtype:trojan-activity;sid:80984358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (118737)"; flow:established,from_client; content:"GET"; http_method; content:"/us_us/info/invoice_notice/04742192589/tlpp-l3mt_mdyhk-fp3/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"onlinetanecni.cz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_06; reference:url, urlhaus.abuse.ch/url/118737/; classtype:trojan-activity;sid:80981837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (116990)"; flow:established,from_client; content:"GET"; http_method; content:"/ltbx_h3dtc-obppcj/maj/messages/2019-02/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"airlife.bget.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_02_04; reference:url, urlhaus.abuse.ch/url/116990/; classtype:trojan-activity;sid:80980090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun-guest.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115233/; classtype:trojan-activity;sid:80978333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115231)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115231/; classtype:trojan-activity;sid:80978331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (114988)"; flow:established,from_client; content:"GET"; http_method; content:"/6iywkl5i_mg/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pobedastaff.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_31; reference:url, urlhaus.abuse.ch/url/114988/; classtype:trojan-activity;sid:80978088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112779)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112779/; classtype:trojan-activity;sid:80975879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112648)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112648/; classtype:trojan-activity;sid:80975748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112647/; classtype:trojan-activity;sid:80975747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112642/; classtype:trojan-activity;sid:80975742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (111691)"; flow:established,from_client; content:"GET"; http_method; content:"/files/haeum.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"haeum.nfile.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_28; reference:url, urlhaus.abuse.ch/url/111691/; classtype:trojan-activity;sid:80974791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110142)"; flow:established,from_client; content:"GET"; http_method; content:"/%d3%b2%bc%fe%d0%c5%cf%a2%b2%e9%bf%b4%c6%f7.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"down.54nb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110142/; classtype:trojan-activity;sid:80973242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110132)"; flow:established,from_client; content:"GET"; http_method; content:"/gcld/updates_tw/gcmgr_tw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"static.ilclock.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110132/; classtype:trojan-activity;sid:80973232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109220)"; flow:established,from_client; content:"GET"; http_method; content:"/de_de/tejqsyf3366492/ger/rechnungszahlung/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"blogs.sokun.jp"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109220/; classtype:trojan-activity;sid:80972320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (108283)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/4qnwtdd-4xsuuy1xlrmzcibqjfu/ihdzyo55cus7ds4lmmkxpa"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_01_23; reference:url, urlhaus.abuse.ch/url/108283/; classtype:trojan-activity;sid:80971383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106006)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin128.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106006/; classtype:trojan-activity;sid:80969106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106003)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin133.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106003/; classtype:trojan-activity;sid:80969103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106002)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd156.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106002/; classtype:trojan-activity;sid:80969102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106000)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin130.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106000/; classtype:trojan-activity;sid:80969100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105999)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin142.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105999/; classtype:trojan-activity;sid:80969099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105998)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd124.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105998/; classtype:trojan-activity;sid:80969098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105997)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin141.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105997/; classtype:trojan-activity;sid:80969097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105996)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd127.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105996/; classtype:trojan-activity;sid:80969096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105992)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd145.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105992/; classtype:trojan-activity;sid:80969092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105991)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin140.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105991/; classtype:trojan-activity;sid:80969091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105988)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd144.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105988/; classtype:trojan-activity;sid:80969088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105985)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd136.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105985/; classtype:trojan-activity;sid:80969085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105976)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin139.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105976/; classtype:trojan-activity;sid:80969076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105975)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd137.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105975/; classtype:trojan-activity;sid:80969075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105946)"; flow:established,from_client; content:"GET"; http_method; content:"/pdfreader/fmt/v1.0.1.17/fmt_01.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105946/; classtype:trojan-activity;sid:80969046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105407)"; flow:established,from_client; content:"GET"; http_method; content:"/hkhe3fktc/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"atkcgnew.evgeni7e.beget.tech"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105407/; classtype:trojan-activity;sid:80968507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104181)"; flow:established,from_client; content:"GET"; http_method; content:"/cfjy-2q9i_yq-se/comet/signs/payment/notification/01/16/2019/en/open-past-due-orders/"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104181/; classtype:trojan-activity;sid:80967281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104016)"; flow:established,from_client; content:"GET"; http_method; content:"/drop/css/obr.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.myvcart.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104016/; classtype:trojan-activity;sid:80967116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103702)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/pridmag/ttt/161485502.doc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"sdvgpro.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103702/; classtype:trojan-activity;sid:80966802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103393)"; flow:established,from_client; content:"GET"; http_method; content:"/vp1bgrvz9v/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.mixturro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103393/; classtype:trojan-activity;sid:80966493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102706)"; flow:established,from_client; content:"GET"; http_method; content:"/autoguarder/autoguarder_2.3.7.350.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl4.360.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_12; reference:url, urlhaus.abuse.ch/url/102706/; classtype:trojan-activity;sid:80965806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102548)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/tips/v1.0.1.11/tips_01.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102548/; classtype:trojan-activity;sid:80965648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102545)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/fmt/v1.0.1.11/fmt_01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102545/; classtype:trojan-activity;sid:80965645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98628)"; flow:established,from_client; content:"GET"; http_method; content:"/6nqq.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.hostingcloud.science"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_12_21; reference:url, urlhaus.abuse.ch/url/98628/; classtype:trojan-activity;sid:80961728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98115)"; flow:established,from_client; content:"GET"; http_method; content:"/pvvwe-5ve_e-avu/invoicecodechanges/us/service-invoice"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_20; reference:url, urlhaus.abuse.ch/url/98115/; classtype:trojan-activity;sid:80961215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96791)"; flow:established,from_client; content:"GET"; http_method; content:"/gvhr-mmj5u8zn2kc5aoq_nkxhprvvh-t9/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"aulist.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2018_12_18; reference:url, urlhaus.abuse.ch/url/96791/; classtype:trojan-activity;sid:80959891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96660)"; flow:established,from_client; content:"GET"; http_method; content:"/l5ecamtdy/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"advustech.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96660/; classtype:trojan-activity;sid:80959760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96625)"; flow:established,from_client; content:"GET"; http_method; content:"/iuia-qgkdtq2rfbxd7z_ljiaengvq-4cy/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.ardguisser.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96625/; classtype:trojan-activity;sid:80959725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95728)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/shiqi/2003/06/20030620.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95728/; classtype:trojan-activity;sid:80958828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95727)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/200305252.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95727/; classtype:trojan-activity;sid:80958827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95726)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mu/2003/07/20030721.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95726/; classtype:trojan-activity;sid:80958826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95634)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/guochang/setup_tvplayer.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95634/; classtype:trojan-activity;sid:80958734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95633)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95633/; classtype:trojan-activity;sid:80958733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95550)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/20030520.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95550/; classtype:trojan-activity;sid:80958650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95509)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95509/; classtype:trojan-activity;sid:80958609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95209)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95209/; classtype:trojan-activity;sid:80958309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95078)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95078/; classtype:trojan-activity;sid:80958178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94199)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94199/; classtype:trojan-activity;sid:80957299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94194)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94194/; classtype:trojan-activity;sid:80957294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (93513)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/telekom/rechnungonline/112018/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"artscreenstudio.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_12; reference:url, urlhaus.abuse.ch/url/93513/; classtype:trojan-activity;sid:80956613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92354/; classtype:trojan-activity;sid:80955454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92351)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/2"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92351/; classtype:trojan-activity;sid:80955451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92344)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92344/; classtype:trojan-activity;sid:80955444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91936)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-11/17/pub/4ce336b4661fd.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91936/; classtype:trojan-activity;sid:80955036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91935)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-11/04/pub/4cd2620ce3f10.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91935/; classtype:trojan-activity;sid:80955035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91933)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-08/11/pub/4e4334b150fcf.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91933/; classtype:trojan-activity;sid:80955033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91931)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-10/14/1121109/4e97e74d5dd8e.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91931/; classtype:trojan-activity;sid:80955031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91928)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/03/519808/4cf8bc6362f34.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91928/; classtype:trojan-activity;sid:80955028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91927)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2010-12/12/pub/4d043cebf1e0b.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_09; reference:url, urlhaus.abuse.ch/url/91927/; classtype:trojan-activity;sid:80955027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (91881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2011-10/22/1164339/4ea2a4c43df54.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"p6.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_08; reference:url, urlhaus.abuse.ch/url/91881/; classtype:trojan-activity;sid:80954981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86730)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_29; reference:url, urlhaus.abuse.ch/url/86730/; classtype:trojan-activity;sid:80949830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86203)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86203/; classtype:trojan-activity;sid:80949303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85901)"; flow:established,from_client; content:"GET"; http_method; content:"/tekiwanatain/installer.rar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85901/; classtype:trojan-activity;sid:80949001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-07/28/117228/4wtjdjio.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84160)"; flow:established,from_client; content:"GET"; http_method; content:"/709rru/ach/business"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.uralmetalloprokat.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84160/; classtype:trojan-activity;sid:80947260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84040)"; flow:established,from_client; content:"GET"; http_method; content:"/0415jbrob/sep/smallbusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.udobrit.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84040/; classtype:trojan-activity;sid:80947140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84037)"; flow:established,from_client; content:"GET"; http_method; content:"/5zbqf/wire/personal"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.tobeart.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84037/; classtype:trojan-activity;sid:80947137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (80599)"; flow:established,from_client; content:"GET"; http_method; content:"/akaribins/akari.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_15; reference:url, urlhaus.abuse.ch/url/80599/; classtype:trojan-activity;sid:80943699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (80589)"; flow:established,from_client; content:"GET"; http_method; content:"/akaribins/akari.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_15; reference:url, urlhaus.abuse.ch/url/80589/; classtype:trojan-activity;sid:80943689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (80588)"; flow:established,from_client; content:"GET"; http_method; content:"/akaribins/akari.arm4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_15; reference:url, urlhaus.abuse.ch/url/80588/; classtype:trojan-activity;sid:80943688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (80585)"; flow:established,from_client; content:"GET"; http_method; content:"/akaribins/akari.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_15; reference:url, urlhaus.abuse.ch/url/80585/; classtype:trojan-activity;sid:80943685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (80581)"; flow:established,from_client; content:"GET"; http_method; content:"/akaribins/akari.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_15; reference:url, urlhaus.abuse.ch/url/80581/; classtype:trojan-activity;sid:80943681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79978)"; flow:established,from_client; content:"GET"; http_method; content:"/worming.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.227.186.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_14; reference:url, urlhaus.abuse.ch/url/79978/; classtype:trojan-activity;sid:80943078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79977)"; flow:established,from_client; content:"GET"; http_method; content:"/toler.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.227.186.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_14; reference:url, urlhaus.abuse.ch/url/79977/; classtype:trojan-activity;sid:80943077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79623)"; flow:established,from_client; content:"GET"; http_method; content:"/urzfhrbbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vagler.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79623/; classtype:trojan-activity;sid:80942723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79342)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/1gpusd8uwnakepjjehixnayfekq/kbdjubux_j-nvjot1z-mdw"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79342/; classtype:trojan-activity;sid:80942442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (78242)"; flow:established,from_client; content:"GET"; http_method; content:"/table.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.227.186.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_10; reference:url, urlhaus.abuse.ch/url/78242/; classtype:trojan-activity;sid:80941342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (75819)"; flow:established,from_client; content:"GET"; http_method; content:"/radiance.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.227.186.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_07; reference:url, urlhaus.abuse.ch/url/75819/; classtype:trojan-activity;sid:80938919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (71185)"; flow:established,from_client; content:"GET"; http_method; content:"/nykol16/kepek.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_26; reference:url, urlhaus.abuse.ch/url/71185/; classtype:trojan-activity;sid:80934285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67439)"; flow:established,from_client; content:"GET"; http_method; content:"/zoolatogato/xruhbmzvlaghfnqcerrv.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67439/; classtype:trojan-activity;sid:80930539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66694)"; flow:established,from_client; content:"GET"; http_method; content:"/autoup/client/aqclient.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pay.aqiu6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_10_11; reference:url, urlhaus.abuse.ch/url/66694/; classtype:trojan-activity;sid:80929794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66274)"; flow:established,from_client; content:"GET"; http_method; content:"/toneraruhaz/wp-admin/network/installer.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66274/; classtype:trojan-activity;sid:80929374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66164)"; flow:established,from_client; content:"GET"; http_method; content:"/fvlmodell/letoltes/files/scalecalc.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66164/; classtype:trojan-activity;sid:80929264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (64681)"; flow:established,from_client; content:"GET"; http_method; content:"/85nojvodyz/biz/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kamin-premium.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_04; reference:url, urlhaus.abuse.ch/url/64681/; classtype:trojan-activity;sid:80927781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62420/; classtype:trojan-activity;sid:80925520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62409)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62409/; classtype:trojan-activity;sid:80925509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62384)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62384/; classtype:trojan-activity;sid:80925484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62383)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62383/; classtype:trojan-activity;sid:80925483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62374)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62374/; classtype:trojan-activity;sid:80925474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62360)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62360/; classtype:trojan-activity;sid:80925460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62358)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62358/; classtype:trojan-activity;sid:80925458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62349)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62349/; classtype:trojan-activity;sid:80925449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (62348)"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.168.147.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_09_30; reference:url, urlhaus.abuse.ch/url/62348/; classtype:trojan-activity;sid:80925448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (59247)"; flow:established,from_client; content:"GET"; http_method; content:"/vqd0d5/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_09_23; reference:url, urlhaus.abuse.ch/url/59247/; classtype:trojan-activity;sid:80922347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57935)"; flow:established,from_client; content:"GET"; http_method; content:"/factures-09-2018/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hasalltalent.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_09_19; reference:url, urlhaus.abuse.ch/url/57935/; classtype:trojan-activity;sid:80921035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57059)"; flow:established,from_client; content:"GET"; http_method; content:"/document/en/need-to-send-the-attachment"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_17; reference:url, urlhaus.abuse.ch/url/57059/; classtype:trojan-activity;sid:80920159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (56449)"; flow:established,from_client; content:"GET"; http_method; content:"/7mn5zo8d/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_14; reference:url, urlhaus.abuse.ch/url/56449/; classtype:trojan-activity;sid:80919549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (45433)"; flow:established,from_client; content:"GET"; http_method; content:"/022bzx/swift/us/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"merctransfers.gradycares.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2018_08_21; reference:url, urlhaus.abuse.ch/url/45433/; classtype:trojan-activity;sid:80908533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (45270)"; flow:established,from_client; content:"GET"; http_method; content:"/022bzx/swift/us"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"merctransfers.gradycares.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2018_08_21; reference:url, urlhaus.abuse.ch/url/45270/; classtype:trojan-activity;sid:80908370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44461)"; flow:established,from_client; content:"GET"; http_method; content:"/5805773c/payment/personal"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_20; reference:url, urlhaus.abuse.ch/url/44461/; classtype:trojan-activity;sid:80907561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44113)"; flow:established,from_client; content:"GET"; http_method; content:"/663752sludgz/oamo/us/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_17; reference:url, urlhaus.abuse.ch/url/44113/; classtype:trojan-activity;sid:80907213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (40811)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/en_us/status/deposit"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bankgarantia.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_10; reference:url, urlhaus.abuse.ch/url/40811/; classtype:trojan-activity;sid:80903911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38013)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/gxfqfem5m813nva/firefox_67.3.39.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38013/; classtype:trojan-activity;sid:80901113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38011)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/dqrsgzlf8jeefw0/firefox_67.3.45.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38011/; classtype:trojan-activity;sid:80901111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38009)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/g4is5u674v6l2yy/firefox_67.3.16.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38009/; classtype:trojan-activity;sid:80901109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (37232)"; flow:established,from_client; content:"GET"; http_method; content:"/tpkmgecq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_31; reference:url, urlhaus.abuse.ch/url/37232/; classtype:trojan-activity;sid:80900332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36522)"; flow:established,from_client; content:"GET"; http_method; content:"/files/en/statement/invoice/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_28; reference:url, urlhaus.abuse.ch/url/36522/; classtype:trojan-activity;sid:80899622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36154)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en_us/invoice-for-sent/invoice/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_26; reference:url, urlhaus.abuse.ch/url/36154/; classtype:trojan-activity;sid:80899254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34267)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34267/; classtype:trojan-activity;sid:80897367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34227)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34227/; classtype:trojan-activity;sid:80897327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34178)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07-2018/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"asl-company.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34178/; classtype:trojan-activity;sid:80897278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34102)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34102/; classtype:trojan-activity;sid:80897202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (33107)"; flow:established,from_client; content:"GET"; http_method; content:"/newsletter/us_us/file/invoice-604371/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"kuzina-teatr.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_07_16; reference:url, urlhaus.abuse.ch/url/33107/; classtype:trojan-activity;sid:80896207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (28277)"; flow:established,from_client; content:"GET"; http_method; content:"/mc_setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"crimefreesoftware.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2018_07_04; reference:url, urlhaus.abuse.ch/url/28277/; classtype:trojan-activity;sid:80891377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (24594)"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kakhun.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_06_28; reference:url, urlhaus.abuse.ch/url/24594/; classtype:trojan-activity;sid:80887694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (24379)"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kakhun.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_06_28; reference:url, urlhaus.abuse.ch/url/24379/; classtype:trojan-activity;sid:80887479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16630)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/past-due-invoice/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16630/; classtype:trojan-activity;sid:80879730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15711)"; flow:established,from_client; content:"GET"; http_method; content:"/status/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15711/; classtype:trojan-activity;sid:80878811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (14715)"; flow:established,from_client; content:"GET"; http_method; content:"/admim/mine001.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.tirtasentosa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_06_03; reference:url, urlhaus.abuse.ch/url/14715/; classtype:trojan-activity;sid:80877815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8435)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros003.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8435/; classtype:trojan-activity;sid:80871535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8434)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros002.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8434/; classtype:trojan-activity;sid:80871534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8433)"; flow:established,from_client; content:"GET"; http_method; content:"/give/ukbros001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8433/; classtype:trojan-activity;sid:80871533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8432)"; flow:established,from_client; content:"GET"; http_method; content:"/give/prin001.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8432/; classtype:trojan-activity;sid:80871532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8431)"; flow:established,from_client; content:"GET"; http_method; content:"/give/obi001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8431/; classtype:trojan-activity;sid:80871531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8430)"; flow:established,from_client; content:"GET"; http_method; content:"/give/jon001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_06; reference:url, urlhaus.abuse.ch/url/8430/; classtype:trojan-activity;sid:80871530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (8053)"; flow:established,from_client; content:"GET"; http_method; content:"/give/was001.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tirtasentosa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_05_02; reference:url, urlhaus.abuse.ch/url/8053/; classtype:trojan-activity;sid:80871153; rev:1;) # Number of entries: 29682